PHP line breaks

[c_pattle]

I'm trying to insert the contents of a textarea into a MySQL database but I am wondering what the best way is to preserve the users line breaks.  I know that you can use nl2br() to convert "\n" into "<br />" when the retrieve data from the database but I am looking at a way to insert these line breaks when I enter the data. 

 

Thanks for any help. 

[the182guy]

If it's a simple textarea that the user is filling in (with no HTML), then you don't need to process the new lines. Just process them when they are retrieved from the db to display on the page, use nl2br() and htmlentites().

 

Don't forget when inserting the users data use strip_tags() to avoid XSS and your preferred real_escape() function.

[c_pattle]

Ah right I see.  Thanks.  At the moment when I enter data the line breaks are not being preserved but this is because I am using mysql_real_escape.  So I should stop using this for this field and just used strip_tags?

[BlueSkyIS]

how can you tell the line breaks are not being preserved? mysql_real_escape_string() will not remove line breaks.

[the182guy]

I suspect you are echoing the data out onto the page and the data is appearing with no new lines. That is normal because web browsers ignore the new line character, the browser will only show a new line if there is a <br /> or <p> or another block level element. If this is the case, view the source of the page from the browser and you will see the new lines.

[c_pattle]

I am not sure what I am doing wrong but the line breaks aren't being preserved when I submit it to the database.  When I review the database there are no line breaks and when I look at the page source there are no "\n".  Below I have given an example of how I am submitting data. 

 

sprintf("insert into table (name, content) values (\"%s\", \"%s\")", mysql_real_escape_string($_GET['name']), mysql_real_escape_string($_GET['content']));

 

 

[BlueSkyIS]

despite the previous post, you should not be able to see \n in the source

 

try retrieving the stored record and use nl2br() on the content to display it in HTML.

[c_pattle]

Thanks.  I have tried retrieving the content used nl2br but the breaks are still not showing so I am now sure what is happening. 

[BlueSkyIS]

at this point, i would need to see the form and php code to see what's going on.

[c_pattle]

I've taken out the sections of code that are being used. 

 

Here is the form code

 

<label for="text">Your text <span id="text_status"></span></label>
<textarea name="text" id="text" class="validate"></textarea>

 

and this is PHP code used to submit it

 

$submit_sql = sprintf("insert into table (name, text, category) values (\"%s\", \"%s\", \"%s\")", mysql_real_escape_string($_GET['name']), mysql_real_escape_string($_GET['text']), mysql_real_escape_string($_GET['category']));

$submit_rs = mysql_query ($submit_sql, $mysql_conn);

 

Could it be perhaps that I am using GET rather than POST?