I am working on a form that enables inserting some text into a database. I want to be able to copy and paste 2 or more paragraphs of text into the text area and then insert this into the database, retaining the line breaks.
After submitting the text to the database, I redisplay this text area using the following:
<textarea name=content wrap=physical rows=10 cols=47 ><?php echo $content ?></textarea><br>
However this is resulting in the following characters appearing where the line break should appear
\r
I have tried the following
<textarea name=content wrap=physical rows=10 cols=47 ><?php echo stripslashes($content); ?></textarea><br>
But I still get the following extra characters
rnrn
I would basically like the text to appear in the text area exactly as it was when I pasted it in.
This is how I retrieve the value of the text area
$content = mysql_real_escape_string($_POST["content"]);
I would appreciate any advice on sorting this problem out.
Many thanks
Paul
p.s just checked and magic quotes is on. I am not sure what magic quotes is but I have seen this mentioned in other posts relating to my problem.
SpikeZ
August 21, 2008, 11:04am
2
Hi Paul,
You dont need mysql_real_escape_string when you pull data from the database - only when putting it in.
To display the text you could use
<?php echo nl2br($content) ?>
Thanks for the super fast reply. I have just amended the code to
$content = $_POST["content"];
And that seems to sort it.
With regards inserting my data into the database, I am using the following which seems to work fine
$query = "INSERT INTO intros(sectionId, title, content, imageFileName)
VALUES('$sectionId','$title', '$content','$newname')";
Should I be using mysql_real_escape_string here when inserting?
I am using what you suggested for displaying the content text on the content page which works fine.
$content = nl2br($content);
echo "<p>$content</p>";
Thanks
Paul
SpikeZ
August 21, 2008, 11:16am
4
Yes mysql_real_escape_string on the way in so that any injection attempts are dealt with.
Thanks SpikeZ
So should I do something like this?
$title = mysql_real_escape_string($title);
$content = mysql_real_escape_string($content);
$newname = mysql_real_escape_string($newname);
$query = "INSERT INTO intros(sectionId, title, content, imageFileName)
VALUES('$sectionId','$title', '$content','$newname')";
Thanks
Paul
SpikeZ
August 21, 2008, 12:12pm
6
perfect :tup:
mysql_real_escape_string($_POST['title']);
or for GET variables
mysql_real_escape_string($_GET['title']);
Excellent! Thanks a million for the swift and super help!!