Problem with Addslashes.

Phrank

I have a customer database. It has a text field called Gnotes which are comments. I use the type of Text instead of Varchar, etc.

I use Addslashes to prep the text field before I add it to the mysql database. When I try to get it back it works great if I put the data in a textarea but not if I just try to print it in a table cell.

I have tried stripslashes() and htmlspecialchars() to no avail.

What am I doing wrong?

Here is my code. Gnotes = the text field. All the data appears on 1 line and ignores carriage returns.

print "<tr colspan=\"2\" bgcolor =\"#DBD5B7\">\n";
$notes = stripslashes($row['Gnotes']);
echo "<td>";
echo $notes;
echo "</td></tr>";

suntra

First, you should use MySQL escaping function : mysql_real_escape_string() (if using MySQL) or mysqli_real_escape_string() (if using MySQLi extension).

Second, when you get the value from the DB, you don't need to "stripslashes" since they are returned normally....

So let's say :

User writes : The lion is very 'special'

mysqli_real_escape_string() => The lion is very\'special\'

Insert in DB

In the DB, it will be => The lion is very 'special'

Get from DB => The lion is very 'special'

Output => The lion is very 'special'

Phrank

Didn't seem to help. If I use <textarea> inside of a table cell it works great. If I leave out the <textarea> it all prints on 1 line.

Confused.
// this does not work.
print "<tr colspan=\"2\" bgcolor =\"#DBD5B7\">\n";
$notes = $row['Gnotes'];
echo "<td>";
echo $notes;
echo "</td></tr>";

// This does. Why?
print "<tr colspan=\"2\" bgcolor =\"#DBD5B7\">\n";
$notes = $row['Gnotes'];
echo "<td>";
echo '<textarea cols="66" rows="6" />'
echo $notes;
echo '</textarea>';
echo "</td></tr>";

Piranha

If it is the line breaks you have trouble with then use [man]nl2br[/man]:

print "<tr colspan=\"2\" bgcolor =\"#DBD5B7\">\n";
$notes = $row['Gnotes'];
echo "<td>";
echo nl2br($notes);
echo "</td></tr>";

To be sure that it is always right I use htmlspecialchars when writing in textboxes. Look at this example and you will see why:

$test = "testing ' sign";
$test2 = 'testing " sign';
echo "<input type='text' value='" . $test . $test2 . "'>";

Phrank

Thank you sooooo much for your time. 🙂