Page 1 of 1

Odd \\r\\n problem

Posted: Thu Apr 14, 2011 3:25 am
by oscardog
Hey,

Before someone suggests stripslashes() I know about that, magic_quotes_gpc() is off (I even check it in the script) but when the input appears in the database it comes in with \\r\\n all over the place. I could understand it if magic_quotes_gpc() was on but its' definitely not so it should come through as \r\n.

And it would't even matter if it was turned on... Because it shouldn't escape backaslashes.

Edit: Worked it out. It was mysql_real_escape_string which I didn't actually realise escaped \n etc.

So I assume it shouldn't go into the datbase as \\r\\n so what is the best way of inputting/outputting it?

As a test this is what is output when I enter

'Line 1

Line 2'

Into a text field and then output it.

line 1 line 2 (before anyting is done to it, i.e no mysql_real_escape_string)
line 1\r\n\r\nline 2 (after)

This is my sanitize function:

Code: Select all

function sanitize_data($data, $strip, $strip_execeptions) {
	$data = trim($data);
	
	if(get_magic_quotes_gpc()) {
		$data = stripslashes($data);
	}
	
	require_once("functions_database.php");
	$conn = connect_to_database();
	
	$data = mysql_real_escape_string($data);
	
	if($strip && strlen($strip_execeptions) == 0) {
		$data = strip_tags($data);		
	} else if($strip && strlen($strip_execeptions) >= 3) {
		$data = strip_tags($data, $strip_execeptions);
	}
	
	return $data;
}
As a test I setup a small insert/select script, with the function above. It works a dream, so how come it doesn't work all of the time (there are ones with \\r\\n in the database)?

Thanks.

Re: Odd \\r\\n problem

Posted: Thu Apr 14, 2011 12:25 pm
by social_experiment
oscardog wrote:So I assume it shouldn't go into the datbase as \\r\\n so what is the best way of inputting/outputting it?
It probably should because if you write it to the database without escaping it you are risking SQL injections. I would opt for stripslashes() to display the data.

Re: Odd \\r\\n problem

Posted: Tue Apr 19, 2011 3:46 am
by oscardog
Ok a bit of a follow up.

This is output into a textfield:
Certificate in Mechanical Engineering\r\nBSc (ordinary degree) in Production Engineering\r\nBSc (higher degree) in Manufacturing and Management Engineering
So in theory the textfield should automatically format that with line breaks, right?

Well, it doesn't.

And when I do the following:

Code: Select all

str_replace("\\r\\n", "\r\n", $array['valueWithRNs']);
It then formats it... How does that work?

I simply replaced \r\n with \r\n!

Any help is greatly appreciated!

Re: Odd \\r\\n problem

Posted: Tue Apr 19, 2011 12:40 pm
by AbraCadaver
What is magic_quotes_runtime set to?

Re: Odd \\r\\n problem

Posted: Thu Apr 21, 2011 3:42 am
by oscardog
Off, as expected.

A few more tests. I had a textfield that was submited to a database and then output.

Pre-sanitized data (so raw POST data) comes out as shown below (using nl2br, if you don't use nl2br it just has spaces rather than new lines)
test

1

'a
Then, after using the sanitize function above this is the output (also nl2br)
test\r\n\r\n1\r\n\r\n\'a
So that looks perfect to me, it has escaped everything it should've.

I then output that row, pulling it straight from the database and using nl2br() and the following is output:
test

1

'a
So it is displayed perfectly with no double-backslashed \r\n and all the data is sanitised as it should be. I'm completely confused with no idea what is going on, I don't s'pose this is browser-related and IE6 (or something stupid) has an odd way of posting carriage returns?

Edit: Tested in IE6. Works as intended. Can't imagine it being a mac-related problem either... And i'm pretty sure it isn't browser-related.

Once again, help is greatly appreciated! :banghead: