\r\n nightmare

Hi guys, okay, I know this is a common problem and there are many threads around the web; however, none have been able to help. It seems to happen for many different reasons, and no matter how much research I’ve done, this is driving me nuts.

So I basically get data from a textarea through the following:

$data=$db->escape_value($_POST['data']);

My escape_value function is like so:

	
function escape_value($value){
	if($this->real_escape_string_exists){
		if($this->magic_quotes_active){$value = stripslashes($value);}
		$value = mysql_real_escape_string($value);
	}else{
		if(!$this->magic_quotes_active){$value = addslashes($value);}
	}
	return $value;
}

After it saves to the database I display it back in the textarea and all line breaks are replaced with \r\n.

magic_quotes_gpc is off, I’m running PHP 5.2.13, this has nothing to do with not using nl2br() for output. I believe it was working fine sometime before it didn’t. Tried lots of things.

And if I don’t use the mysql_real_escape_string() it works fine, but who would want to do that?

Any ideas?

These days, of course, you would be much better off using something like PDO with prepared statements, and leaving mysql_real_escape_string/addslashes etc as a relic from the past.

But I understand if you’re maintaining old code.
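The prepared-statement approach mentioned above, as an added example that is not part of the original thread: the textarea value is bound as a parameter, so CR/LF bytes are stored and read back unchanged and nothing has to be stripped on output. Assumptions: SQLite in-memory stands in for MySQL so the script runs offline, the table `notes` and column `body` are hypothetical names, and `addcslashes()` is used only as a stand-in to show what an escape function does to line breaks.

```php
<?php
// Added example, not code from the thread. SQLite in-memory stands in for MySQL;
// the table "notes" and column "body" are hypothetical names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample input: what a browser submits for a two-line textarea.
$submitted = "first line\r\nsecond 'quoted' line";

// Bound parameter: the value travels separately from the SQL text,
// so it is stored byte for byte and no escape function is called.
function save_note(PDO $pdo, $body) {
    $stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute(array(':body' => $body));
    return (int) $pdo->lastInsertId();
}

function load_note(PDO $pdo, $id) {
    $stmt = $pdo->prepare('SELECT body FROM notes WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    return $stmt->fetchColumn();
}

$id = save_note($pdo, $submitted);
$stored = load_note($pdo, $id);

// Compare what came back with what went in: real CR and LF bytes, no backslashes.
var_dump($stored === $submitted);

// For contrast: an escape function turns CR/LF into backslash sequences.
// If that escaped text is displayed directly, or escaped a second time before
// it reaches the SQL parser, the literal characters \r\n end up in the data.
$escaped = addcslashes($submitted, "\r\n'"); // stand-in for an SQL escape function
var_dump(strpos($escaped, '\r\n') !== false);

// Output side: HTML-encode for the textarea instead of stripping slashes.
echo '<textarea name="data">',
     htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'),
     '</textarea>', "\n";
```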

I don’t see the point of storing it in a variable.

yes nice one. Thank you!

You missed the closing brace on that if statement.

Realized but didn’t want to be picky.

Thank you both

That works! :slight_smile:

Why endif?


function escape_value($value){ 
  if($this->real_escape_string_exists)
    return mysql_real_escape_string($value); 
  return addslashes($value); 
}

:cool:

That was what I was going for, but then I forgot about that opening brace that was already there :slight_smile:

You missed the closing brace on that if statement. :slight_smile:

Should be either:

function escape_value($value){ 
  if($this->real_escape_string_exists){ 
    return mysql_real_escape_string($value); 
  }
  return addslashes($value); 
}  

or:

function escape_value($value){ 
  if($this->real_escape_string_exists) :
    return mysql_real_escape_string($value); 
  endif;
  return addslashes($value); 
}  

I don’t see the point of storing it in a variable. I’d just do


function escape_value($value){ 
  if($this->real_escape_string_exists){ 
    return mysql_real_escape_string($value); 
  return addslashes($value); 
}

You don’t even need the else, because if $this->real_escape_string_exists is true, it will return and thus never fire the other return. If it’s false it will fire the other return. :slight_smile:

Yes, I’m a stickler for compact code (:

hmm yeh that function has a couple of spiderwebs :lol:

So it can be reduced to this

function escape_value($value){
    if($this->real_escape_string_exists){
        $value = mysql_real_escape_string($value);
    }else{
        $value = addslashes($value);
    }
    return $value;
}

Any way it can be improved? Should I be doing anything else before inserting to database?

Thanks


if($this->magic_quotes_active) {
   $me->tell('sys admin', 'please turn magic quotes off man, it\'s deprecated and not even secure');
}

:smiley:

All kidding aside, good thing you figured it out. I’d never even heard of stripcslashes. Looks interesting, good to know it exists :slight_smile:

If you have the same problem, use stripcslashes($your_data); for output. Did the job for me, thankfully.

Beware: it is stripcslashes() and not stripslashes().