Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
so i use mysql_real_escape_string to sanitize some user input before entering it into the db, i would like to know how do i go about “reversing” this function so that when i output to the screen all escaped characters like /n /r get converted to actual new lines…thanks!
also, what is the difference between /n and /r?
mysql_real_escape_string()doesn’t add slashes to stored data. It escapes characters so they can be passed safely through the mysql engine. The data is stored as is, without slashes.As such you don’t need to use
stripslashes()when outputting from the database any data escaped with them.If you’re seeing extra slashes it’s because you’re either adding them somewhere, with say
addslashes()ormagic_quotes_gpc()is turned on.As has been noted \r \n are not escaped they are line breaks. Only use
stripslashes()on data that has escape slashes included or you risk removing essential slashes.Edited to add:
The only time you’d want to strip slashes from
mysql_real_escape_string()is if you did so before storing data, say if you for some reason escaped data the minute you got it from a form then echoed it out in an error message/pre-populated form field.