I'm pulling content from a DB that has been sanitized using mysql_real_escape_string.
Accordingly the new line characters now appear as "\n".
The issue is that this content is displayed to users inside a < pre > tag so I cannot replace \n with < br/> for instance.
I suppose I could replace \n with the actual utf8 character code before inserting the result inside the < pre>.
Can somoneone assist here? Not using mysql_real_escape_string isn't really an option due to security policy.
Thanks.
echo '<pre>'.str_replace('\n', "\n", $string).'</pre>';
why not ...
echo str_replace('\\n', PHP_EOL, "few lines\nof text here,\nblah, blah! etc!");
str_replace("\\n","\n",$data);
I'm pulling content from a DB that has been sanitized using mysql_real_escape_string. Accordingly the new line characters now appear as "\n"
If you've not done anything to the raw data pulled back from the database then the ptoblem is that it has been 'sanitized' twice when inserted.
C.
This might help a bit:
echo('test\ntest');
shows as
test test
but
echo("test\ntest");
shows as
test
test
Related
I am trying to display a data into textarea which is fetched from tables that i have submitted via another form. The issue comes up when a new line is entered.
The data getting displayed in the textarea is as
lin1\r\nlin2
it should be like
lin1
lin2
I have tried nl2br but it does not work as expected.
How can i make things optimized. Thanks
This problem can be solved using stripcslashes() when outputting your data.
Please note that the method above is different from stripslashes() which doesn't work in this case.
I tried using nl2br but it wasn't sufficient either.
I hope str_replace saves you.
<?php
$str='lin1\r\nlin2';
$str=str_replace('\r\n','<br>',$str);
echo $str;
OUTPUT:
lin1
lin2
This is a common question and the most common answers are ln2br or str_replace.
However this is just creating unnecessary code.
In reality the problem is pretty much always that you have run the data through a mysql escape function before displaying it. Probably while you were in the process of saving it. Instead, escape the data for saving but display an unescaped version.
<?php echo str_replace('\r\n', "\r\n", $text_with_line_breaks); ?>
See single quotes & double quotes this is a trick.
A perfect solution for newbies.
you overdo quote in insert/update statement
This problem in you case you can solve doing next
<?php
$str = 'lin1\r\nlin2';
$solved_str = str_replace(array("\\r","\\n"), array("\r","\n"), $str);
var_dump($str,$solved_str);
But you need to check insert/update statement on over quotation escape symbols
I would recommend using double quotes for \r\n such as "\r\n". I've never had it work properly with single quotes.
For non- textarea use this function
function escapeNonTextarea($string){
$string=str_replace(array('\n','\r\n','\r'),array("<br>","<br","<br>"),$string);
return $string;
}
For text area use this function
function escapeTextarea($string){
$string=str_replace(array('\n','\r\n','\r'),array("\n","\r\n","\r"),$string);
return $string;
}
call appropriate function and pass argument
I have text area and when the user submit the form I save the data into my db
in db the line breaks work excellently but when displaying them back with echo the line breaks disappear :(
I check all things and removed all validation functions like strip_tags and so on just printed it pure from db but the same thing so can anyone tell me what went wrong ?
thnx in advance
Line breaks in textarea is \r\n while for browsers it's just white-space. You need to replace them with <br /> tag. php took care of it and you have nl2br function for that:
echo nl2br($stringFromDB);
Note: when you output user-input always escape it at first. So basically you should be doing:
// Chaining functions like this is bad. Avoid in real world apps.
echo nl2br(htmlspecialchars($stringFromDB, ENT_QUOTES, 'UTF-8'));
I have a text field that inserts its content into an SQL table. Often, I will want this content to have <p> html tags within, based on line breaks in the text field. I have tried doing a replace before inserting:
str_replace("</p><p>", "\n", $_POST["body"]);
and I have tried doing a replace with escape characters:
str_replace("</p><p>", "\n", $_POST["body"]);
with no success. Meaning they still appear as text field line breaks. There is no security issue as the field can only be accessed by an administrator. Thank you for your help.
it seems both times you are trying to replace contrary - a </p><p> to \n which obviously fails
try to swap str_replace argumants.
I don't understand what SQL has to do here though
How about replacing each separately?
str_replace(array("</p>", "<p>"), array("\n","\n"), $_POST["body"]);
I think the problem is in " latter, like google, try replacing it with ' or call function addslashes() on your text.
I have a form into which I entered a newline character which looked correct when I entered it, but when the data is now pulled from the database, instead of the white space, I get the \n\r string showing up.
I try to do this:
$hike_description = nl2br($hike_description);
But it doesn't work. Does anyone know how this can be fixed? I am using PHP.
And here is the page where this is happening. See the description section of the page:
http://www.comehike.com/hikes/scheduled_hike.php?hike_id=130
Thanks,
Alex
Does anyone know how this can be fixed?
Sure.
Your code doing unnecessary escaping, most likely before adding text to the database.
So, instead of replacing it back, you have to find that harmful code and get rid of it.
This means, you have probably plain text '\n\r' strings in the db.
Try to sanitize db output before display:
$sanitized_text = preg_replace('/\\[rn]/','', $text_from_db);
(just a guess).
Addendum:
Of course, as Col. Shrapnel pointed out, there's something fundamentally wrong
with the contents of the database (or, it is used this way by convention and you don't know that).
For now, you have fixed a symptom partially
but it would be much better to look for the reason for these escaped characters
being in the database at all.
Regards
rbo
You can use str_replace to clean up the input.
$hike_description = nl2br(str_replace("\r\n", "\n", $hike_description));
$hike_description = str_replace(array('\n','\r'),'',$hike_description);
You may want to read up on the differences between the single quote and double quote in PHP as well: http://php.net/manual/en/language.types.string.php
I'm using PHP to create some basic HTML. The tags are always the same, but the actual links/titles correspond to PHP variables:
$string = '<p style="..."><strong><i>'.$title[$i].'</i></strong>
<br>';
echo $string;
fwrite($outfile, $string);
The resultant html, both as echoed (when I view the page source) and in the simple txt file I'm writing to, reads as follows:
<p style="..."><a href="http://www.example.com
"><strong><i>Example Title
</i></strong></a></p>
<br>
While this works, it's not exactly what I want. It looks like PHP is adding a line break every time I interrupt the string to insert a variable. Is there a way to prevent this behavior?
Whilst it won't affect your HTML page at all with the line breaks (unless you are using pre or text-wrap: pre), you should be able to call trim() on those variables to remove newlines.
To find out if your variable has a newline at front or back, try this regex
var_dump(preg_match('/^\n|\n$/', $variable));
(I think you have to use single quotes so PHP doesn't turn your \n into a literal newline in the string).
My guess is your variables are to blame. You might try cleaning them up with trim: http://us2.php.net/trim.
The line breaks show up because of multi-byte encoding, I believe. Try:
$newstring = mb_substr($string_w_line_break,[start],[length],'UTF-8');
That worked for me when strange line breaks showed up after parsing html.