Solved

Php form output

Posted on 2016-11-15
5
13 Views
Last Modified: 2016-11-15
Dear experts,

I use below string to escape from sql injection,

$comment = $mysqli->real_escape_string($comment);

But the output has /r/n

Should i store the customer comment data like this?
What do you suggest i should do?

I also email this output

I can send the original message email store the data like this?
0
Comment
Question by:Braveheartli
  • 3
5 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 41887655
You should store the end-of-line characters if they have programmatic meaning.  If they come from a client comment, submitted via a web form, they probably have meaning and should be stored.  They will work just fine in email.

What will not work well in email is JavaScript or unwanted HTML markup.  Consider using htmlentities() to sanitize these strings before browser output or email.
1
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41887661
And in a semi-related matter...

This is a data-dependent question, with a lot of widely variable context.  When you have questions like this one, it's wise to show us your test data, and tell us how the data is going to be used.  Then we can provide more focused responses, and maybe even code examples.
0
 
LVL 52

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 41887662
A \r\n indicates a line break - which is ignored in HTML. If your email is an HTML email and you want the line break to be visible you would need to look at functions like nl2br().

However, the question is about storing the \r\n and as commented in your other question https://www.experts-exchange.com/questions/28983113/real-escape-string-Usage.html - if the \r\n has relevance for the output later then store it.
0
 
LVL 9

Expert Comment

by:Moussa Mokhtari
ID: 41887664
I totally agree with Ray , its up to you whether you save it or not after all if you are going to show \r\n on client side it will not show any thing !.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41887709
... it will not show any thing
That's almost right.  It will show something, and that something will be only a single blank (space) character.  Browsers collapse consecutive whitespace characters into a single blank.  That means that five blanks looks the same in the browser viewport as one blank.  Three tabs and a line feed?  Looks like one blank. One blank?  Looks like one blank.  Forty-five EOL characters?  Yep, you guessed it!

You can tell these things apart by using "view source" to see where the rendered document contains the original formatting characters.

You can also use the <pre> tag in HTML to see the original formatting.  You can't readily tell the \r from the \n (no visual cue) but you can see most of the formatting.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP Healthcheck 2 84
Hacked File Timestamps 4 49
Whether to store ID's or text values for detailed information 3 20
Session timeout 5 13
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Find out what you should include to make the best professional email signature for your organization.
In this tutorial viewers will learn how to embed videos in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <video> tag to insert a video. Define the src as the URL of your video; this is similar to …
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now