I have a textarea that I need to process and put into a MySQL database table. What is the best way to strip out all the special characters (&, ', ", >, <) and replace the line breaks (\n) with HTML breaks (<br >)?
Right now, I'm doing all three of these:
$WC_P_just = htmlspecialchars($_POST['WC_P_just'], ENT_QUOTES); // script 1
$WC_P_just = stripslashes($_POST['WC_P_just']); // script 2
$WC_P_just = nl2br($_POST['WC_P_just']); // script 3
However, I keep getting breaks where I don't want them, where they weren't entered in the text box. I can't seem to figure out why.
A bit of background:
This travels between 3 scripts. The first script has the input box with an action for script 2. In script 2, I do the stripslashes. Script 2 displays the information (correctly) and has a message: "Is this correct [YES] [NO]". If they click [NO], they are sent back to script one to make their corrections. If they click [YES], they are sent to the final script, which writes to the database and displays a Thank You message.
When I view source on script 2, the display is fine, but the hidden field has what I'm assuming are \n breaks about every 25-30 characters. The reason I think this is that the text is displayed on multiple lines, and when I go to the 3rd script, where I do the nl2br just before writing to the db, it puts <br />s in where those line breaks were in script 2.
As I've been writing this, I've had an idea or two, but I'd like to get your input on why this is happening.
Thanks,
Alisa
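
One way to handle the textarea value across the three scripts described above, as an added example that is not part of the original post: keep the text raw, store it with a bound parameter, and apply htmlspecialchars() followed by nl2br() only when writing HTML. The table, column and helper names are hypothetical, and an in-memory SQLite database (assumes the pdo_sqlite extension) stands in for MySQL.

```php
<?php
// Added example: names (justifications table, justification column, helper
// functions) are hypothetical and do not come from the original post.

// Normalise CRLF / CR line endings sent by browsers to a single "\n".
function normalize_newlines(string $text): string
{
    return str_replace(["\r\n", "\r"], "\n", $text);
}

// Escape for an HTML attribute, e.g. the hidden field on the confirmation page.
function hidden_field(string $name, string $raw): string
{
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($raw, ENT_QUOTES, 'UTF-8')
    );
}

// Escape first, then add <br /> tags, so only our own markup reaches the page.
function render_for_html(string $raw): string
{
    return nl2br(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
}

// Store the raw text with a bound parameter; no escaping function is needed.
function store_justification(PDO $pdo, string $raw): int
{
    $stmt = $pdo->prepare('INSERT INTO justifications (justification) VALUES (:j)');
    $stmt->execute([':j' => $raw]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input standing in for $_POST['WC_P_just'].
$raw = normalize_newlines("Tom & Jerry's <b>plan</b>\r\nsecond \"line\"");

// In-memory SQLite stands in for the MySQL connection so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE justifications (id INTEGER PRIMARY KEY, justification TEXT)');

$id = store_justification($pdo, $raw);
$stmt = $pdo->prepare('SELECT justification FROM justifications WHERE id = :id');
$stmt->execute([':id' => $id]);
$stored = $stmt->fetchColumn();

echo hidden_field('WC_P_just', $raw), "\n";   // script 2: carry the value forward
echo render_for_html($stored), "\n";          // display: escape, then nl2br
```

Magic quotes were removed in PHP 5.4, so on current PHP versions the stripslashes() step is not needed.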