开发者

MySQL slashes and nl2br

问答 作者:

I am trying to store HTML posted from a textarea into a database. I have a textarea inside a form which I have called "message". The PHP code that processes it is:

if(isset($_POST['submit'])){
    if(isset($_POST['title']) && isset($_POST['message'])){
        $title = $_POST['title'];
        $message = $_POST['message'];

        if(get_magic_quotes_gpc()){         
            $title = stripslashes($title);
            $message = stripslashes($message);
        }

        $title = mysql_real_escape_string($title);
        $message = mysql_real_escape_string($message);

        $q = "INSERT INTO table (title,datetime,text) VALUES ('{$title}',NOW(),'{$message}')";
        $rows_affected = $db->exec($q);
        if($rows_affected > 0){
            echo "<p>Done.</p>";
        } else {
            echo "<p>Failed. </p>"; 
        }
    }
}

The problem I am having is then retrieving this and converting newlines to <br />. Here is what I am doing:

$res = array();

$order = array("\r\n","\n","\r");
$replace = '<br />';

$q = "SELECT title,datetime,text FROM table";
$res = $db->get_all($q);
if($res){
    foreach($r开发者_C百科es as $result){
        $result['title'] = stripslashes($result['title']);
        $result['text'] = str_replace($order, $replace, stripslashes($result['text']));
    }       
}

echo "<pre>";
print_r($res);
echo "</pre>";

I just can't get rid of those pesky \r\n's in the message. I have tried changing $order to

$order = array("\\r\\n","\\n","\\r");
// and even
$order = array("\\\r\\\n","\\\n","\\\r");

but nothing seems to work. Any ideas?

if ($res = $db->get_all('SELECT title,datetime,text FROM table')){
    foreach ($res as &$result){
        $result['text'] = nl2br($result['text']);
    }       
}

echo "<pre>";
print_r($res);
echo "</pre>";

I did three things:

  • Remove the stripslashes. They mustn't be there. The slashes mysql_real_escape_string adds are removed when the query is executed.
  • I used the function nl2br for the new lines. Why write something yourself if it's already built in?
  • I added a & in front of $result in the foreach loop. If I didn't do this only the shallow copies were modified, not the variables themselves. Thus there wouldn't be any change at all.

For the retrieving of the data you don't need to screw around with str_replace/stripslashes. 

$res = array();

$q = "SELECT title,datetime,text FROM table";
$res = $db->get_all($q);
if($res){
    foreach($res as &$result){
        $result['title'] = $result['title']; // Don't see the reason for stripslashes here
        $result['text'] = nl2br($result['text']);
    }       
}

echo "<pre>";
print_r($res);
echo "</pre>";

Use nl2br to convert your \n to proper HTML line breaks. (Note: If you want to show the text inside of a textarea again, e.g. for editing, you need to output the "text" as-is). The only thing that you would want to do is use strip_tags to prevent HTML from being inserted into your output.

more usual way of what nikic did

foreach ($data as $key => $row){
  $data[$key]['text'] = nl2br($row['text']);
}

you did overwrite your temporary $result variable, while you have to write modified variable back into array. and give our variables sensible names.
Also, consider to use htmlspecialchars() if it's user supplied text.

继续阅读:backslashnewlinephp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9