We Keep Coding

Preserve and display text exactly how it is typed and submitted

I'm having lots of trouble preserving the exact look of how a user types out a short paragraph.
My problem is that random slashes and html show up. When people would hit enter while typing the message, "\r\n\" would show up when it's echoed later. I tried fixing that but now when the user types an apostrophe while composing a message, it gets inserted into the database with 3 back slashes, and thus echoed later with 3 back slashes with the apostrophe. Frustrating! I want to just start over!
Here's what I do.
User types a message in an input field and hits submit.
That message gets inserted into the database with type varchar(280) via php.
That message gets echoed via php.
I've tried many different things like nlbr and strip_tags and stripslashes and mysql_real_escape_string and others. I might be using these all in a certain combination that messes it up.
So my question is what is the best way to preserve exactly how someone composes a text paragraph to be later echoed via php to look just like how they typed it?

Make sure Magic Quotes are off or, if you can't disable them, cleanse your strings from them. Read the manual for details: http://www.php.net/manual/en/security.magicquotes.php
When inserting your text into the database, escape it properly for SQL syntax once or, better, use prepared statements. See How can I prevent SQL injection in PHP? and The Great Escapism (Or: What You Need To Know To Work With Text Within Text).
When outputting to HTML, use htmlspecialchars to avoid HTML injection or plain syntax problems and afterwards use nl2br to format line breaks specifically for HTML.
That's basically it.

On the second step you need to escape it with mysql function.
But for correct outputing it you need to do following
<pre><?= htmlentities($mysqlRow['data']); ?></pre>
This will get from database result needed information and will outputs it like it is. With all spaces and tabs and html tags in it. (If user enters <html> this will output <html> like text)

html encoding with php

I have an issue. I have a column in mysql database like
<p><strong>WELCOME</strong></p>
<p><strong>About Me</strong>
Now I want to fetch this in my php page. But when I am fetching, it doesn't show bold text, only normal text.
I am using
html_entity_decode($content,0,1649)."...");

It sounds like what is happening is that you have some other code that is escaping your data prior to being output for HTML.
This is a good thing in most cases. You don't want HTML with <script> tags and what not being allowed in your data from users. If anything, you don't want < and > to be misinterpreted.
However, if you do want to allow HTML, you need to modify whatever is outputting your HTML to not escape this particular variable.

Inserting textarea data into mySQL as text and output results

All,
I'm inserting some text from a textarea in a mySQL database. I'm using mysql_real_escape_string() to do this. I'm using stripslashes() to remove the "\" that gets inserted in front of this to display it. However when I output this it gives me the following result for something like wasn't I get wasn\\'t and if someone hits enter in my text area I get \r\n\r\n and that is also displayed.
In my database it stores correctly with a single slash and the return but it doesn't output that the same way when it's outputed. Any idea why it would be doing this?
Thanks

As long as you are double checking how your outputting data. I used.. serialize(), and unserialize(). Takes care of any special characters it seems. Have you tried that?

Preserve user comments format in database

HI,
I am creating on comments form where users will be commented and will be stored in the MYSQL database. The problem what I am facing is, it is stored as the single line in the database. It should be stored with exact format how user is entered in the form(like new lines and everything). I am using PHP to store it in the MySQL db.

First store it as text or longtext. Second, when showing the comment, use a function like nl2br to convert newlines to html <br> elements. This way, linebreaks are preserved.

Your text is stored just fine in the database if you are putting it into a long enough text-type field (e.g. TEXT), including the newlines in the user input.
Your problem is how to display the text formatted the way the user was seeing it when entering it. This is a more generic problem, and it only has to do with how HTML treats whitespace.
One approach would be to call nl2br on the comments, as Ikke says. This would replace all newlines (which the browser disregards) with <br> tags which have a visible effect on the rendered output.
Another option would be to put the text inside a <pre>...</pre> tag. This will force the browser to render it with whitespace preserved.
It's really up to what's more convenient/suitable for you.
Update: Just to be clear: do not modify the user input before inserting it in the database (unless it's part of your input validation, like e.g. stripping HTML tags from the input). Store it in an "untouched" format, and only do some processing on it before you output the data. This way, you always have the option of performing the correct processing if your output channel changes in the future (e.g. export comments to a text file vs displaying them as HTML).

you can store the comments in the same form in the mysql database. one difference would be when you retrieve the comments that has new line your code should look for \r\n and interpret it.. and also when you insert the data in mysql you will have to escape ' and \ characters from the comment.

[PHP/MySQL]: Is there a way to store text in Rich Text Format in MySQL table?

I have given en Entry Form to the user to input values that are stored in a MySQL table. There is one column called "Project Details", wherein the user can input upto 200 characters and this column is of type "varchar".
Till here everything is fine. The problem starts when the project details contain a number of points that are to be listed on the HTML page as:
(1) .........
(2) .........
(3) .........
It is unsure whether the project details is of one line, one paragraph, a simple text or a numbered list.
Is there any way to save the project details in rich text format in the MySQL table and when PHP shows the page of my website, the text gets listed as it was pasted?

If you want to store something like rich text format, you'll probably want to place it into a BLOB field: http://dev.mysql.com/doc/refman/5.0/en/blob.html which has no actual character set assigned to it
Can I ask though, why you would want to do that? Why not use one of the many rich text editors that convert your information into HTML (like tinyMCE), which from there you can store as-is or pass it through a Html->Textile filter or something similar.

You might want to consider using a simple markup language like Markdown or Textile. These allow you to take natural looking plain text, and then render it as HTML.
Failing that, you could simply display the text verbatim within <pre> tags.

If you are really using RTF, you might need is RTF-to-HTML-Converter, a quick search brought this: http://directory.fsf.org/project/rtf2html/ (untested). Is this what you meant?
What kind of code you store in a MySQL-Database is up to you, but a Varchar is probably not the best field type; you should consider changing it into a Text-field.

I encrypt using base64_encode() and to get I use base64_decode(). Tabs, spaces and special characters are preserved.
$statement->execute(array(':cemail' => $c_email,
':ctel' => $c_tel, ':msg' => base64_encode($c_msg)));
$msg = $rd['texe;];
$msg = base64_decode($msg)
Works perfectly for me

RTF is not the correct way to go because it's not interpreted correctly by webbrowsers.
You should use some markup language like Markdown, the one used here.