Solved

real_escape_string Usage

Posted on 2016-11-15
4
46 Views
Last Modified: 2016-11-15
I use   $data = $mysqli->real_escape_string($data);
But the output has /r/n

Should i store it into my database like this?
What do you suggest i should do?
0
Comment
Question by:Braveheartli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
ID: 41887632
You should store exactly what you need in the database.  If the \r\n (end-of-line characters) are meaningful, store them.  If not, you might want to use PHP trim() to remove them.
0
 
LVL 57

Accepted Solution

by:
Julian Hansen earned 250 total points
ID: 41887638
The question is - do you need the \r\n in the string. For instance if it is at the end of the string you could probably trim() it. If it is in the string - as part of the formatting then you probably don't want to remove it.

The answer to the question is dependent on how the data will be viewed.

Any modifications to the data you make should be reversible to the extent that when displayed does not alter the intended layout of the data.

There is no problem with keeping the CR LF in the string.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 41887649
See also: https://www.experts-exchange.com/questions/28983112/real-escape-string-Usage.html#a41887646
The output probably has backslashes like this: \r\n.  These are end-of-line ("EOL") characters, roughly termed "carriage return" and "new line."  They probably come from a PC file or document, since Unix uses only one EOL, the \n.


You should store them if they are meaningful in the context of the data and if your application needs them.  Otherwise you can trim() them off.  It is possible to remove them from the interior of a data string, but it's a little more involved, and it's less likely that you would want to make a change in the middle of a data string.

These EOL characters interact with real_escape_string() functions because they contain backslashes that have programmatic meaning (just like escaped apostrophes).  The MySQLi engine strips backslashes automatically, with the understanding that it expects to receive escaped data, and store exact representations of the data.
0
 
LVL 1

Author Closing Comment

by:Braveheartli
ID: 41887978
Thank you
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question