Sign Up

Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.

Sign In

Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

You must login to ask a question.

Please briefly explain why you feel this question should be reported.

Please briefly explain why you feel this answer should be reported.

Please briefly explain why you feel this user should be reported.

Search

Ask A Question

0

Editorial Team

Asked: May 29, 20262026-05-29T06:38:47+00:00 2026-05-29T06:38:47+00:00

I don’t understand why mysql_real_escape_string needs to escape new line and carriage return chars:

0

I don’t understand why mysql_real_escape_string needs to escape new line and carriage return chars:

\n and \r

What could be the security holes in a sql with \n and \r ?

UPDATE tbl SET field = 'text text text \n text text text \r text text' WHERE id = 1;

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team
2026-05-29T06:38:48+00:00Added an answer on May 29, 2026 at 6:38 am
MySQL doesn’t require the newline character to be escaped. The manual page for the mysql_real_escape_string function of MySQL’s C API says:

Characters encoded are “\”, “'”, “"”, NUL (ASCII 0), “\n”, “\r”, and Control+Z. Strictly speaking, MySQL requires only that backslash and the quote character used to quote the string in the query be escaped. mysql_real_escape_string() quotes the other characters to make them easier to read in log files.
0

Reply

Share
Share

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on WhatsApp

Report