Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Jan 2004
    Location
    Des Moines, Iowa
    Posts
    219
    Thanks
    0
    Thanked 0 Times in 0 Posts

    mysqli_real_escape_string adds \n\r

    I'm submitting a form that contains the content for a page...

    I'm using (to avoid SQL injection attacks) $mysqli->real_escape_string($var).

    Other forums have advised enclosing that with stripslashes() to avoid multiple slashes.

    That is not the problem - the problem is that the real_escape_string function is adding a \n\r to my input...

    How do I get these new lines out of here?
    Rich S. Wyatt
    D3 Web Creations

  • #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,071
    Thanks
    11
    Thanked 96 Times in 94 Posts
    you sure that's not \r\n ? which would be a regular newline on win32, you should only stripslashes if you have to, else you are potentially undoing some of the good done by the mysql_escape_string().

    check if you need to stripslashes...
    PHP Code:
    <?php
    $quotes_on 
    = (get_magic_quotes_gpc()==|| get_magic_quotes_runtime()==1) ? true false ;
    ?>
    if $quotes_on === true then stripslashes before you escape, else do not.
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #3
    Regular Coder
    Join Date
    Jan 2004
    Location
    Des Moines, Iowa
    Posts
    219
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quotes are on...

    So I am stripslashing before I escape. Now - the problem is that it is still giving me a \r\n ... I have tried preg_match, preg_replace to find the \r\n after the escape - but to no avail. <sigh>

    Any thoughts?
    Rich S. Wyatt
    D3 Web Creations


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •