Solved

Php form output

Posted on 2016-11-15
5
17 Views
Last Modified: 2016-11-15
Dear experts,

I use below string to escape from sql injection,

$comment = $mysqli->real_escape_string($comment);

But the output has /r/n

Should i store the customer comment data like this?
What do you suggest i should do?

I also email this output

I can send the original message email store the data like this?
0
Comment
Question by:Braveheartli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 41887655
You should store the end-of-line characters if they have programmatic meaning.  If they come from a client comment, submitted via a web form, they probably have meaning and should be stored.  They will work just fine in email.

What will not work well in email is JavaScript or unwanted HTML markup.  Consider using htmlentities() to sanitize these strings before browser output or email.
1
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 41887661
And in a semi-related matter...

This is a data-dependent question, with a lot of widely variable context.  When you have questions like this one, it's wise to show us your test data, and tell us how the data is going to be used.  Then we can provide more focused responses, and maybe even code examples.
0
 
LVL 56

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 41887662
A \r\n indicates a line break - which is ignored in HTML. If your email is an HTML email and you want the line break to be visible you would need to look at functions like nl2br().

However, the question is about storing the \r\n and as commented in your other question https://www.experts-exchange.com/questions/28983113/real-escape-string-Usage.html - if the \r\n has relevance for the output later then store it.
0
 
LVL 9

Expert Comment

by:Moussa Mokhtari
ID: 41887664
I totally agree with Ray , its up to you whether you save it or not after all if you are going to show \r\n on client side it will not show any thing !.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 41887709
... it will not show any thing
That's almost right.  It will show something, and that something will be only a single blank (space) character.  Browsers collapse consecutive whitespace characters into a single blank.  That means that five blanks looks the same in the browser viewport as one blank.  Three tabs and a line feed?  Looks like one blank. One blank?  Looks like one blank.  Forty-five EOL characters?  Yep, you guessed it!

You can tell these things apart by using "view source" to see where the rendered document contains the original formatting characters.

You can also use the <pre> tag in HTML to see the original formatting.  You can't readily tell the \r from the \n (no visual cue) but you can see most of the formatting.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question