1

So I enter

hello \n \n my friend \n !

into a textarea. Then I store it into db, I retrieve it, and what I get is

hello

my friend
!

But I did not want the \n get translated into actual newlines.

So this is my example setup:

<textarea name="mytextarea">$mytext</textarea>

on the server i do:

store

$mydbtextstore = $_POST["mytextarea"];

$modsql = " UPDATE mytable SET text = " . "'" . $mydbtextstore . "'" ;
mysql_query($modsql, $conn) or die(mysql_error());

retrieve

$descSQL = " SELECT  text
               FROM mytable;"
$descRes = mysql_query($descSQL, $conn) or die(mysql_error());
$descRow = mysql_fetch_array($descRes);
$mytext = $descRow["text"];

What am I missing? The textarea MUST reproduce and contain this:

\n

Toskan
  • 13,911
  • 14
  • 95
  • 185
  • you actully typed in `\n` ? –  Sep 18 '14 at 22:42
  • 3
    [***YOUR CODE IS DANGEROUSLY FLAWED. STOP WHATEVER YOU'RE DOING AND READ THIS.***](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Also, stop using PHP's `mysql_` functions. They're deprecated and will soon disappear. Start again using the [MySQL Improved](http://php.net/mysqli) functions. – r3mainer Sep 18 '14 at 23:01
  • @dagon yes thats what I want – Toskan Sep 18 '14 at 23:30
  • aside the sql injection that is out of question scope , why do you need to print \n – Kamal Saleh Sep 18 '14 at 23:34
  • @KamalSaleh the text gets read by PlantUML to draw an activity diagram. – Toskan Sep 18 '14 at 23:54

2 Answers2

1

You could use a str_replace like this, after the retrieving of the data.

$mytext = str_replace("\","&#92;",$mytext);

You will replace the slash with its html-entity if you use this code.

EDIT: or use htmlentities on the whole string.

Jeroen de Jong
  • 337
  • 1
  • 6
  • @squeamishossifrage Using `mysql_` functions are unsafe but it does not mean the answer should be downvoted because it still address the issue of replacing line breaks from the textarea. – Terry Sep 18 '14 at 23:29
  • @squeamishossifrage I can't remember asking for sql injection. – Toskan Sep 18 '14 at 23:30
  • I tried using `echo str_replace("\\","\","a \n b \n c"); echo "a \n b \n c";echo htmlspecialchars("a \n b \n c" , ENT_COMPAT , "ISO-8859-1");echo htmlentities ("a \n b \n c");` on http://writecodeonline.com/php/ . Nothing seems to work – Toskan Sep 18 '14 at 23:41
  • I figured out the problem is the storing / retrieving of the `\n` . They don't get stored as `\n` but as an actual newline – Toskan Sep 19 '14 at 00:06
1

You need to escape backslashes with another backslashes. Funny, right?

So after you submitted your text do like this:

$text = str_replace('\\', '\\\\', $text);

so you will have following:

hello \\n \\n my friend \\n !

and when you insert it in your database it will look like a string with only one backslashes

Tengiz
  • 1,902
  • 14
  • 12
  • do you know, in which cases this happens, and which it does not? E.g. what db setup or whatever to avoid this – Toskan Sep 19 '14 at 00:25