• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1541
  • Last Modified:

Preserving special characters and carriage returns from textarea into database

I have a form with a textarea and I want to insert the textarea value into a table...here is the table structure and code:

messageid INT
type TINYINT
authorid INT
datetime DATETIME
subject VARCHAR 100
message MEDIUMTEXT

And here is the code:
$sql = "INSERT INTO messages ";
$sql .= "(";
$sql .= "type, ";
$sql .= "authorid, ";
$sql .= "datetime, ";
$sql .= "subject, ";
$sql .= "message";
$sql .= ") VALUES (";
$sql .= "0, ";
$sql .= $fromuserid . ", ";
$sql .= "\"" . date("Y-m-d H:i:s", time()) . "\", ";
$sql .= "\"" . $subject . "\", ";
$sql .= "\"" . addslashes($message) . "\"";
$sql .= ")";
$safesql = & new SafeSQL_MySQL; //class module to protect against SQL injection attacks
$sql = $safesql->query($sql);
mysql_select_db($mysql);
mysql_query($sql);      

This inserts this text fine:
"

------------ Original Message -----------
From: <a href="profile.php?id=71">Meggie D</a>
Date: 2007-11-19 10:58 AM

Testing 1..2..3...
"

However, upon selecting and displaying this data, it seems as if somewhere in the process all the line feeds and carriage returns got stripped or do not come back out of the table correctly.

Any ideas as to what it is I'm doing wrong?

Thanks.
0
HarpuaFSB
Asked:
HarpuaFSB
1 Solution
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
you have to be aware that the newline, in html, will do nothing.
you have, for the linebreak in html to get "visible", be translated into the string <br>.

check out the nl2br() function of php for that

0
 
nizsmoDeveloperCommented:
as angellll said, it is because the newline "\n" character won't be displayed in html, so you will need to do this when you insert and it will convert the newline characters into <br>'s:


$sql = "INSERT INTO messages ";
$sql .= "(";
$sql .= "type, ";
$sql .= "authorid, ";
$sql .= "datetime, ";
$sql .= "subject, ";
$sql .= "message";
$sql .= ") VALUES (";
$sql .= "0, ";
$sql .= $fromuserid . ", ";
$sql .= "\"" . date("Y-m-d H:i:s", time()) . "\", ";
$sql .= "\"" . $subject . "\", ";
$sql .= "\"" . nl2br(addslashes($message)) . "\"";
$sql .= ")";
$safesql = & new SafeSQL_MySQL; //class module to protect against SQL injection attacks
$sql = $safesql->query($sql);
mysql_select_db($mysql);
mysql_query($sql);  

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now