Zombay Posted February 16, 2011 Share Posted February 16, 2011 Hello! I run into this simple problem and couldn't find any solutions from web, so I came here to ask you guys I don't understand what happens to linebreaks when I post textarea and save value to Mysql... Btw, I notided that linebreaks works properly if I don't use mysqli_real_escape_string, but I like to keep script as secure as possible... If I input this in to textarea: row1 row2 row4 row6 I get this in textarea and html-code: 1\r\n2\r\n3\r\n4\r\n5 This is how I try to do it: <? //>>> Connect to Mysql // Secure $_POST -data $_POST['mytext'] = mysqli_real_escape_string($db, $_POST['mytext']); // Insert to Mysql mysqli_query($db, "INSERT INTO mysql_table (mytext) VALUES ('$_POST[mytext]')"); // Get data from Mysql $query = mysqli_query($db, "SELECT mytext FROM mysql_table';"); $row = mysqli_fetch_array($query); mysqli_free_result($query); ?> <textarea name="mytext"><? print $row['mytext']; ?></textarea> <? // nl2br function $row['mytext'] = nl2br($row['mytext']); // print text echo $row['mytext']; ?> Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 16, 2011 Share Posted February 16, 2011 Is magic_quotes_gpc() on in your php.ini file, perchance? Quote Link to comment Share on other sites More sharing options...
Zombay Posted February 16, 2011 Author Share Posted February 16, 2011 I use Xampp with default settings This is what I found in php.ini; ; magic_quotes_gpc ; Default Value: On ; Development Value: Off ; Production Value: Off Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 16, 2011 Share Posted February 16, 2011 That doesn't really tell you what its actually doing. What does phpinfo(); show the value to be? Quote Link to comment Share on other sites More sharing options...
Zombay Posted February 16, 2011 Author Share Posted February 16, 2011 Ahh.. sorry, man! It's off. magic_quotes_gpc Off Off magic_quotes_runtime Off Off magic_quotes_sybase Off Off Quote Link to comment Share on other sites More sharing options...
Zombay Posted February 16, 2011 Author Share Posted February 16, 2011 I have now read about hundred different websites and nobody knows solution! Almost every website uses textarea (including this one) So why it's so difficult to find this simple script? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 16, 2011 Share Posted February 16, 2011 I don't see as where there should be a problem with it, but when I get a few extra minutes I'll insert some sample data and test it. Quote Link to comment Share on other sites More sharing options...
Zombay Posted February 16, 2011 Author Share Posted February 16, 2011 I don't see as where there should be a problem with it, but when I get a few extra minutes I'll insert some sample data and test it. Thanks a lot! Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 16, 2011 Share Posted February 16, 2011 It isn't giving me any problems at all. Is that your actual code? Quote Link to comment Share on other sites More sharing options...
Zombay Posted February 17, 2011 Author Share Posted February 17, 2011 Aaaarrggh! Auts, man! You got it! I was wondering there is something weird about this.. There was foreach $_POST values with mysqli_real_escape_string() in the beginning of code, so i used mysqli_real_escape_string() twice.... I'm terrible sorry I wasted your time! Btw, do you think it's secure enought if I just add htmlspecialchars() before printing? $row['mytext'] = htmlspecialchars($row['mytext'], ENT_QUOTES); Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 17, 2011 Share Posted February 17, 2011 If you're echoing it back into the <textarea>, I would just echo it as is. Anywhere else in the markup, yes htmlspecialchars() should be fine. Quote Link to comment Share on other sites More sharing options...
Zombay Posted February 17, 2011 Author Share Posted February 17, 2011 Yes, but then if user post's html-code in textarea it will messup the site... But thank you very much, man! This was a big help! Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 17, 2011 Share Posted February 17, 2011 HTML markup is just rendered as-is in a text area. Give it a try and see. Quote Link to comment Share on other sites More sharing options...
Zombay Posted February 17, 2011 Author Share Posted February 17, 2011 hmm.. if I type example <textarea> in textarea and post it, I get two textarea's on the page... Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 17, 2011 Share Posted February 17, 2011 Ya know, it seems to be browser-dependent. I was just testing it out, and in Safari it just spits the raw markup back into the textarea like I'm used to. In FF, the closing </textarea> tag is truncated, so it seems something I though worked across the board actually doesn't. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.