Solved

Php form output

Posted on 2016-11-15
5
14 Views
Last Modified: 2016-11-15
Dear experts,

I use below string to escape from sql injection,

$comment = $mysqli->real_escape_string($comment);

But the output has /r/n

Should i store the customer comment data like this?
What do you suggest i should do?

I also email this output

I can send the original message email store the data like this?
0
Comment
Question by:Braveheartli
  • 3
5 Comments
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 41887655
You should store the end-of-line characters if they have programmatic meaning.  If they come from a client comment, submitted via a web form, they probably have meaning and should be stored.  They will work just fine in email.

What will not work well in email is JavaScript or unwanted HTML markup.  Consider using htmlentities() to sanitize these strings before browser output or email.
1
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 41887661
And in a semi-related matter...

This is a data-dependent question, with a lot of widely variable context.  When you have questions like this one, it's wise to show us your test data, and tell us how the data is going to be used.  Then we can provide more focused responses, and maybe even code examples.
0
 
LVL 54

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 41887662
A \r\n indicates a line break - which is ignored in HTML. If your email is an HTML email and you want the line break to be visible you would need to look at functions like nl2br().

However, the question is about storing the \r\n and as commented in your other question https://www.experts-exchange.com/questions/28983113/real-escape-string-Usage.html - if the \r\n has relevance for the output later then store it.
0
 
LVL 9

Expert Comment

by:Moussa Mokhtari
ID: 41887664
I totally agree with Ray , its up to you whether you save it or not after all if you are going to show \r\n on client side it will not show any thing !.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 41887709
... it will not show any thing
That's almost right.  It will show something, and that something will be only a single blank (space) character.  Browsers collapse consecutive whitespace characters into a single blank.  That means that five blanks looks the same in the browser viewport as one blank.  Three tabs and a line feed?  Looks like one blank. One blank?  Looks like one blank.  Forty-five EOL characters?  Yep, you guessed it!

You can tell these things apart by using "view source" to see where the rendered document contains the original formatting characters.

You can also use the <pre> tag in HTML to see the original formatting.  You can't readily tell the \r from the \n (no visual cue) but you can see most of the formatting.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article discusses four methods for overlaying images in a container on a web page
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question