2

I'm having trouble getting data out of the database and echoing out in a HTML page textarea.

This is the code used to get the data into the database:

$_SESSION['content'] = mysqli_real_escape_string($link, strip_tags($_POST['content'],'<a>'));

This simply strips HTML tags except for links and stores in the database. If you look in the database, the line breaks are invisible but there, so i assume they are \n and \r.

If i were to type into a textarea:

This should be a 

New line

The database stores this as:

This should be a<br>
New line

When echoed out into a textarea, this is what's displayed:

This should be a \r\n\r\nNew line

I'm sure i'm missing something very simple, any help greatly appreciated.

UPDATE:

If i remove mysqli_real_escape_string, the line breaks are preserved and work perfectly, do I have to sacrifice security for this?

SOLVED:

mysqli_real_escape_string causing the problem, do not echo out a variable which has had this applied. Only use mysqli_real_escape_string when inserting, deleting, etc from a database, not before, definitely not after ;)

Thanks everyone!

Cristian
  • 6,765
  • 7
  • 43
  • 64
  • Try using `$_POST['content'] = stripslashes($_POST['content'])` before your posted line. However I'm not sure this will help... http://php.net/manual/en/function.stripslashes.php – lorenzo-s Dec 12 '11 at 13:36
  • surely this would just strip the new line escape characters, making \n -> n? – Cristian Dec 12 '11 at 13:38
  • 1
    @user964145 not if in the database they are stored as \\\n (which escapes the slash) – Prisoner Dec 12 '11 at 13:39
  • I don't know. That function have to be called to clear escaped strings. Not using it, for example, if you type `I don't know` in your form, you will get `I don\'t know` in your POST data. – lorenzo-s Dec 12 '11 at 13:41
  • @lorenzo-s, that is correct but it will also escape \\\n – Prisoner Dec 12 '11 at 13:43
  • @user964145 -- Thank you for posting the solution that worked for you. That's good to know, and I really appreciate your follow-up. Makes this a great post. – Shawn Spencer Dec 12 '11 at 18:39

5 Answers5

5

Use the correct HTML/CSS.

;-)

The line breaks all work in an HTML pre tag, or in a tag with the CSS white-space property set to:

white-space: pre;

Resources:

http://www.w3schools.com/cssref/pr_text_white-space.asp

http://www.quirksmode.org/css/whitespace.html

Shawn Spencer
  • 1,442
  • 3
  • 15
  • 22
1

This worked for me:

function br2nl( $input ) {
    return preg_replace( '/\<br.*\>/Ui', '', $input );
}
Oscar Salguero
  • 10,275
  • 5
  • 49
  • 48
1

For very long lines, you also need the text to wrap instead of potentially break out of its parent container. To cover this case, but also preserve new lines, use following css:

white-space: pre-wrap;

resource: https://css-tricks.com/almanac/properties/w/whitespace/

Aris
  • 4,643
  • 1
  • 41
  • 38
1

Firstly, you shouldn't be using nl2br as this will change your \n's to <br>'s.

You will most likely need to strip the slashes echo stripslashes($_SESSION['content']).

Edit following further comments:

If the data is stored as <br>'s in the database, you can just do str_replace('<br>',"\n",$string); which will convert the <br>'s into \n's

Prisoner
  • 27,391
  • 11
  • 73
  • 102
  • this makes the \n and \r into n and r. I want to echo into the textbox exactly what I wrote in, preserving the line breaks – Cristian Dec 12 '11 at 13:41
  • Am very sorry, just realised that line breaks are stored as
    in the database, can i convert these
    tags into a new line for the textarea?     – Cristian Dec 12 '11 at 13:44
  • @user964145 can you show us the data as it is stored in the database? – Prisoner Dec 12 '11 at 13:44
  • function br2nl( $data ) { return preg_replace( '!!iU', "\n", $data ); } – Richard EB Dec 12 '11 at 13:47
  • this is still not working for me, using the str_replace and the function provided by Richard, still outputs 'This is a\r\n\r\nnew line' in the textarea, could the mysqli_real_escape_string be causing problems? – Cristian Dec 12 '11 at 13:52
  • Please edit your original post with 1) the exact data that is stored in the database & 2) the output of `$_SESSION['content']` after you have called `mysqli_real_escape_string` - you may even find that by doing this you can debug your own application. – Prisoner Dec 12 '11 at 13:54
  • Removing escape string fixes the line break problem, do I just have to remove the escape string? – Cristian Dec 12 '11 at 13:58
  • @user964145 *_real_escape_string should be used when inserting data into a database. – Prisoner Dec 12 '11 at 14:00
0

The nl2br function is working with that content as a string: http://codepad.org/M2Jw9KQJ

This leads me to believe that you are not echoing out the content you claim you are.

Are you sure the content in the DB is as you say it is? Perhaps you need to go the other way round:

function br2nl( $data ) {return preg_replace( "!<br.*>!iU", "\n", $data );}

Richard EB
  • 967
  • 10
  • 24
  • When content is submitted, mysqli_real_escape_string and strip_tags is applied to it. In the database the new lines are represented as
    tags. The modified content is then echoed out into the textarea with no new lines, instead just a trail of \n\r, for example 'This is a\r\n\r\nnew line'     – Cristian Dec 12 '11 at 13:53