2

I have WMD editor on my site, and i store the markdown in the DB. But before i send the markdown to database i filter it with mysql_real_escape_string, like that:

$to_database = mysql_real_escape_string($_POST['markdown']);

And it's okay. But now I want to show it, so i use PHP Markdown (which converts markdown to html). But the problem is that it shows me \r\n and \n instead of new lines. I tried nl2br function, but it didn't help. Even if I do not escape the output (do not convert markdown to html and using htmlpurifier) I still get \n instead of new lines. Only when I remove mysql_real_escape_string it looks fine.

bbbbbbbbbbb nnnnnnnnn

apdpdpdpddc
  • 23
  • 5

2 Answers2

0

You may have something sitting on your input layer and escaping incoming characters with backslashes, so that when you use mysql_real_escape_string you're actually getting double-escaped content.

If you are very unlucky that thing might be magic_quotes_gpc in which case you should get rid of it ASAP, or if you really can't then work around it.

Community
  • 1
  • 1
bobince
  • 528,062
  • 107
  • 651
  • 834
-1

They are being converted and are no longer acting as line breaks. You want to replace them:

$markdown = str_replace('\r\n','<br/>',$_POST['markdown']);
$markdown = str_replace('\n','<br/>',$markdown);

You might also want to do this:

$markdown = html_entity_decode($markdown);
Eddie
  • 12,898
  • 3
  • 25
  • 32
  • Thanks, however it shows me
    in the text (it's <br/> in source code). PHP Markdown somehow converts
    to html entities i guess (because when i've removed the php markdown processing i got the line breaks ok).     – apdpdpdpddc Jul 11 '11 at 21:49
  • 1
    str_replace accepts arrays, you can do it in one function call: `str_replace(array('\r\n','\n'), '
    ', $_POST['markdown'])`     – Endophage Jul 13 '11 at 15:01