Odd \\r\\n problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

Odd \\r\\n problem

Post by oscardog »

Hey,

Before someone suggests stripslashes() I know about that, magic_quotes_gpc() is off (I even check it in the script) but when the input appears in the database it comes in with \\r\\n all over the place. I could understand it if magic_quotes_gpc() was on but its' definitely not so it should come through as \r\n.

And it would't even matter if it was turned on... Because it shouldn't escape backaslashes.

Edit: Worked it out. It was mysql_real_escape_string which I didn't actually realise escaped \n etc.

So I assume it shouldn't go into the datbase as \\r\\n so what is the best way of inputting/outputting it?

As a test this is what is output when I enter

'Line 1

Line 2'

Into a text field and then output it.

line 1 line 2 (before anyting is done to it, i.e no mysql_real_escape_string)
line 1\r\n\r\nline 2 (after)

This is my sanitize function:

Code: Select all

function sanitize_data($data, $strip, $strip_execeptions) {
	$data = trim($data);
	
	if(get_magic_quotes_gpc()) {
		$data = stripslashes($data);
	}
	
	require_once("functions_database.php");
	$conn = connect_to_database();
	
	$data = mysql_real_escape_string($data);
	
	if($strip && strlen($strip_execeptions) == 0) {
		$data = strip_tags($data);		
	} else if($strip && strlen($strip_execeptions) >= 3) {
		$data = strip_tags($data, $strip_execeptions);
	}
	
	return $data;
}
As a test I setup a small insert/select script, with the function above. It works a dream, so how come it doesn't work all of the time (there are ones with \\r\\n in the database)?

Thanks.
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Odd \\r\\n problem

Post by social_experiment »

oscardog wrote:So I assume it shouldn't go into the datbase as \\r\\n so what is the best way of inputting/outputting it?
It probably should because if you write it to the database without escaping it you are risking SQL injections. I would opt for stripslashes() to display the data.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

Re: Odd \\r\\n problem

Post by oscardog »

Ok a bit of a follow up.

This is output into a textfield:
Certificate in Mechanical Engineering\r\nBSc (ordinary degree) in Production Engineering\r\nBSc (higher degree) in Manufacturing and Management Engineering
So in theory the textfield should automatically format that with line breaks, right?

Well, it doesn't.

And when I do the following:

Code: Select all

str_replace("\\r\\n", "\r\n", $array['valueWithRNs']);
It then formats it... How does that work?

I simply replaced \r\n with \r\n!

Any help is greatly appreciated!
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: Odd \\r\\n problem

Post by AbraCadaver »

What is magic_quotes_runtime set to?
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

Re: Odd \\r\\n problem

Post by oscardog »

Off, as expected.

A few more tests. I had a textfield that was submited to a database and then output.

Pre-sanitized data (so raw POST data) comes out as shown below (using nl2br, if you don't use nl2br it just has spaces rather than new lines)
test

1

'a
Then, after using the sanitize function above this is the output (also nl2br)
test\r\n\r\n1\r\n\r\n\'a
So that looks perfect to me, it has escaped everything it should've.

I then output that row, pulling it straight from the database and using nl2br() and the following is output:
test

1

'a
So it is displayed perfectly with no double-backslashed \r\n and all the data is sanitised as it should be. I'm completely confused with no idea what is going on, I don't s'pose this is browser-related and IE6 (or something stupid) has an odd way of posting carriage returns?

Edit: Tested in IE6. Works as intended. Can't imagine it being a mac-related problem either... And i'm pretty sure it isn't browser-related.

Once again, help is greatly appreciated! :banghead:
Post Reply