• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 33
  • Last Modified:

Php form output

Dear experts,

I use below string to escape from sql injection,

$comment = $mysqli->real_escape_string($comment);

But the output has /r/n

Should i store the customer comment data like this?
What do you suggest i should do?

I also email this output

I can send the original message email store the data like this?
0
Braveheartli
Asked:
Braveheartli
  • 3
2 Solutions
 
Ray PaseurCommented:
You should store the end-of-line characters if they have programmatic meaning.  If they come from a client comment, submitted via a web form, they probably have meaning and should be stored.  They will work just fine in email.

What will not work well in email is JavaScript or unwanted HTML markup.  Consider using htmlentities() to sanitize these strings before browser output or email.
1
 
Ray PaseurCommented:
And in a semi-related matter...

This is a data-dependent question, with a lot of widely variable context.  When you have questions like this one, it's wise to show us your test data, and tell us how the data is going to be used.  Then we can provide more focused responses, and maybe even code examples.
0
 
Julian HansenCommented:
A \r\n indicates a line break - which is ignored in HTML. If your email is an HTML email and you want the line break to be visible you would need to look at functions like nl2br().

However, the question is about storing the \r\n and as commented in your other question https://www.experts-exchange.com/questions/28983113/real-escape-string-Usage.html - if the \r\n has relevance for the output later then store it.
0
 
Moussa MokhtariEnterpreneurCommented:
I totally agree with Ray , its up to you whether you save it or not after all if you are going to show \r\n on client side it will not show any thing !.
0
 
Ray PaseurCommented:
... it will not show any thing
That's almost right.  It will show something, and that something will be only a single blank (space) character.  Browsers collapse consecutive whitespace characters into a single blank.  That means that five blanks looks the same in the browser viewport as one blank.  Three tabs and a line feed?  Looks like one blank. One blank?  Looks like one blank.  Forty-five EOL characters?  Yep, you guessed it!

You can tell these things apart by using "view source" to see where the rendered document contains the original formatting characters.

You can also use the <pre> tag in HTML to see the original formatting.  You can't readily tell the \r from the \n (no visual cue) but you can see most of the formatting.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now