Sign In
Create Account
Follow Us on Twitter
Subscribe on Youtube
3
$commentText = mysql_real_escape_string($_POST['commentArea']); $commentText = trim($commentText);
3 replies to this topic
#1
Posted 15 August 2011 - 06:42 AM
thatsme
-
- Members
-
- 176 posts
Programmer
Hi. Let's say i have a form with textarea. Then I type 6 in the textarea and press Enter two times. After that i press submit and php code starts to run. It uses function trim() to remove the effect of those two pushes of Enter from textarea's value. Then php print the value of textarea and the result is: 6\r\n\r\n. WHY? I used trim(). Here's the code:
Back to top|
|
|
#2
Posted 15 August 2011 - 06:50 AM
Vaielab
-
- Members
-
- 547 posts
Programming God
I'm not 100% sure, but try to trim before mysql_real_escape_string
Since mysql_real_escape_string will escape the \r\n chars, and trim are looking for thoses char unscaped, this might be the problem
Since mysql_real_escape_string will escape the \r\n chars, and trim are looking for thoses char unscaped, this might be the problem
#3
Posted 15 August 2011 - 01:32 PM
Alexander
-
- Moderators
-
- 4,124 posts
It's Science!
- Location:Vancouver, Eh! Cleverness: 200
php.net/mysql_real_escape_string said:
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
This is to prevent expansion of the string, and thus render either malformed encoding during transportation, or malicious use less likely. You will need to follow Vaielab's advice.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
