• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1538
  • Last Modified:

Preserving special characters and carriage returns from textarea into database

I have a form with a textarea and I want to insert the textarea value into a table...here is the table structure and code:

messageid INT
type TINYINT
authorid INT
datetime DATETIME
subject VARCHAR 100
message MEDIUMTEXT

And here is the code:
$sql = "INSERT INTO messages ";
$sql .= "(";
$sql .= "type, ";
$sql .= "authorid, ";
$sql .= "datetime, ";
$sql .= "subject, ";
$sql .= "message";
$sql .= ") VALUES (";
$sql .= "0, ";
$sql .= $fromuserid . ", ";
$sql .= "\"" . date("Y-m-d H:i:s", time()) . "\", ";
$sql .= "\"" . $subject . "\", ";
$sql .= "\"" . addslashes($message) . "\"";
$sql .= ")";
$safesql = & new SafeSQL_MySQL; //class module to protect against SQL injection attacks
$sql = $safesql->query($sql);
mysql_select_db($mysql);
mysql_query($sql);      

This inserts this text fine:
"

------------ Original Message -----------
From: <a href="profile.php?id=71">Meggie D</a>
Date: 2007-11-19 10:58 AM

Testing 1..2..3...
"

However, upon selecting and displaying this data, it seems as if somewhere in the process all the line feeds and carriage returns got stripped or do not come back out of the table correctly.

Any ideas as to what it is I'm doing wrong?

Thanks.
0
HarpuaFSB
Asked:
HarpuaFSB
1 Solution
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
you have to be aware that the newline, in html, will do nothing.
you have, for the linebreak in html to get "visible", be translated into the string <br>.

check out the nl2br() function of php for that

0
 
nizsmoDeveloperCommented:
as angellll said, it is because the newline "\n" character won't be displayed in html, so you will need to do this when you insert and it will convert the newline characters into <br>'s:


$sql = "INSERT INTO messages ";
$sql .= "(";
$sql .= "type, ";
$sql .= "authorid, ";
$sql .= "datetime, ";
$sql .= "subject, ";
$sql .= "message";
$sql .= ") VALUES (";
$sql .= "0, ";
$sql .= $fromuserid . ", ";
$sql .= "\"" . date("Y-m-d H:i:s", time()) . "\", ";
$sql .= "\"" . $subject . "\", ";
$sql .= "\"" . nl2br(addslashes($message)) . "\"";
$sql .= ")";
$safesql = & new SafeSQL_MySQL; //class module to protect against SQL injection attacks
$sql = $safesql->query($sql);
mysql_select_db($mysql);
mysql_query($sql);  

Open in new window

0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now