about nl, br and security while working with textarea and mysql in PHP
I'm getting data from my textarea with the following code
$about_me=mysql_real_escape_string(nl2br($_POST['about_me']));
which 1. Receives data, using $_POST. 2. nl2br makes breaks, so if I echo this code to the user he will see if there were new lines. 3. mysql_real_escape_string to secure code from mysql injections before entering it to database.
So if I echo this code everything works fine.
But If I edit it again through textarea, php goes to mysql gets data, puts it to textarea and I see <br> signs...
How can I get rid of them while editing my text again in textarea ?
Stop using nl2br(), of course. It's entirely wrong here.
You use nl2br() when you want to output data that contains linebreaks to HTML, not when you want to store it in the database. Store data unchanged, format it for viewing.
If you output it into a <textarea> you don't need to use it either, since textareas display linebreaks (whereas HTML in general does not). For the textarea you need htmlspecialchars(), but apparently this is already happening - otherwise you would not see literal <br> showing up.
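The "store unchanged, format for viewing" flow from the answer above, as an added example that is not part of the original question or answers. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the script runs offline, and the table, function names and sample input are hypothetical.

```php
<?php
// Added example: store the textarea value unchanged, format it only on output.
// Assumption: in-memory SQLite via PDO stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profile (id INTEGER PRIMARY KEY, about_me TEXT)');

// Storage: no nl2br() and no manual escaping; the bound parameter keeps
// the user's text out of the SQL statement itself.
function save_about_me(PDO $pdo, int $id, string $raw): void
{
    $stmt = $pdo->prepare('REPLACE INTO profile (id, about_me) VALUES (?, ?)');
    $stmt->execute([$id, $raw]);
}

function load_about_me(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT about_me FROM profile WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

// View mode: escape HTML first, then turn newlines into <br> tags.
function render_for_page(string $raw): string
{
    return nl2br(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
}

// Edit mode: escape only; a textarea displays newlines by itself.
function render_for_textarea(string $raw): string
{
    return '<textarea name="about_me">'
        . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8')
        . '</textarea>';
}

// Constructed sample input, standing in for $_POST['about_me'].
$posted = "Line one\r\nO'Reilly <b>bold</b>";
save_about_me($pdo, 1, $posted);
$stored = load_about_me($pdo, 1);

var_dump($stored === $posted);           // round-trip check on the stored text
echo render_for_page($stored), "\n";     // view mode output
echo render_for_textarea($stored), "\n"; // edit mode output
```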
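<?php
// Convert <br>, <br/> and <br /> tags back to CRLF line breaks.
// eregi_replace() was removed in PHP 7, so preg_replace() is used instead.
function br2nl($string){
    return preg_replace('/<br\s*\/?\s*>/i', chr(13).chr(10), $string);
}
?>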
Use this while getting data from database and before printing into textarea.
http://php.net/manual/en/function.nl2br.php
Check examples on this page