0

I created a function that checks if value in database is the same as value from submitted form. The function has to compare both data and update only if they are different, but doesn't work properly. $value comes from $_POST textarea:

$value = mysql_real_escape_string($value);
$result = mysql_query("SELECT info FROM database1 WHERE id=1 "); $row = mysql_fetch_row($result);
if ($value == $row[0]) echo "The same!";
else echo "They are different!";

The problem is about line breaks. Data from database in html source view looks like that:

line1
line2

Data from POST in html source view:

line1\r\nline2

So when I compare these both it's different, but in fact they are the same from database point of view. I tried $value = str_replace('\r\n','', $value); and $value = str_replace('\r\n','<br>', $value); for data from POST and it doesn't help. Maybe I should replace \r\n into something different, but for what?

Lucas
  • 2,924
  • 8
  • 27
  • 32
  • Proper is if you don't use `mysql_*` functions anymore because they're deprecated. Use `PDO` or `mysqli` instead. – TiMESPLiNTER Jul 29 '14 at 06:42
  • Do the replacement in both the values, not just Posted value – Hanky Panky Jul 29 '14 at 06:43
  • I know I should use new ones, but it's only for local simple tasks. Not for any serious coding. – Lucas Jul 29 '14 at 06:43
  • 1
    Read http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?lq=1 and http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – user2864740 Jul 29 '14 at 07:04

1 Answers1

1

Try 

if ($value == mysql_real_escape_string($row[0]))

The function mysql_real_escape_string() convert string as you convert post data

Code Baba
  • 118
  • 1
  • 2
  • 9