0

I collect emails from my mailserver with imap_mail (php), explode the result and save it to database after using mysql_real_escape_string.

If I display it in a textarea after retrieving from db, all linefeeds are gone or replaced by \r etc.

without mysql_real_escape_string they are displayed.

How do I get them back if I escape? Or rather, as I do not have access to that part of the php code that display in the text area: how do I protect the strings from sql injection so that linefeeds are still shown?

many thanks,

Klaus

opto
  • 57
  • 6
  • 1
    when you take it out of the database, it should display fine and in the format you put it in there... you don't need to undo `mysql_real_escape_string` when you pull the data out later. – gloomy.penguin Nov 05 '13 at 21:28
  • 1
    There is something else going on, mysql_real_escape_string will not do what you are saying. – AbraCadaver Nov 05 '13 at 21:28
  • 1
    `mysql_*` functions are being deprecated, it would be in your best interest to make new coding use the `mysqli_*` functions. `mysqli_real_escape_string($con, data);` – iam-decoder Nov 05 '13 at 21:29

1 Answers1

0

How do I get them back if I escape?

this function never interfere with linefeeds, if used properly. so, it's some other code that interfere.

how do I protect the strings from sql injection

Use prepared statements.

And get rid of whatever code that spoils your linefeeds.

Community
  • 1
  • 1
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345