Before someone suggests stripslashes() I know about that, magic_quotes_gpc() is off (I even check it in the script) but when the input appears in the database it comes in with \\r\\n all over the place. I could understand it if magic_quotes_gpc() was on but its' definitely not so it should come through as \r\n.
And it would't even matter if it was turned on... Because it shouldn't escape backaslashes.
Edit: Worked it out. It was mysql_real_escape_string which I didn't actually realise escaped \n etc.
So I assume it shouldn't go into the datbase as \\r\\n so what is the best way of inputting/outputting it?
As a test this is what is output when I enter
'Line 1
Line 2'
Into a text field and then output it.
line 1 line 2 (before anyting is done to it, i.e no mysql_real_escape_string)
line 1\r\n\r\nline 2 (after)
This is my sanitize function:
Code: Select all
function sanitize_data($data, $strip, $strip_execeptions) {
$data = trim($data);
if(get_magic_quotes_gpc()) {
$data = stripslashes($data);
}
require_once("functions_database.php");
$conn = connect_to_database();
$data = mysql_real_escape_string($data);
if($strip && strlen($strip_execeptions) == 0) {
$data = strip_tags($data);
} else if($strip && strlen($strip_execeptions) >= 3) {
$data = strip_tags($data, $strip_execeptions);
}
return $data;
}Thanks.