PHP remove whitespaces - "ghost" lines appear

Question

I have an HTML Form that queries entries from a MySQL Database and inputs these values into several text areas where they may be edited and these changes subsequently saved.

The SQL/PHP interaction seems to work find, I get the queried information and am able to update the database accordingly. However, whenever I access the (string) information and echo this into the text area, there are suddenly four blank lines inserted from nowhere in front of the actual string content.

I do not understand where these blank lines are coming from and moreover how to get rid of them.

Here's the code from the form text area:

<textarea 
    name="MicroLoc_Entry" 
    id="MicroLoc_Entry" 
    style="position:absolute;left:581px;top:45px;width:73px;height:18px;z-index:14;" 
    rows="1" 
    cols="1" 
    spellcheck="false"
>
    <?php 
        include ('db_connect.php'); 
        $ID = $_POST['ItemID']; 
        $sql = "SELECT MicroLoc from Main WHERE ItemID = ".$ID ; 
        $result = mysqli_query($link, $sql); 
        $res = mysqli_fetch_array($result);  
        $msg = $res['MicroLoc'];
        echo preg_replace('/\s\s+/', '', $msg); 
    ?>
</textarea>

Using either ltrim($string) or preg_replace('/\s+/g', '', $string) or preg_replace('/\s\s+/', '', $string) does only reduce the whitespace to two additional blank lines but does not remove them all.

Thanks a lot for any help!

Try to fit the opening php tag to the preceding closing HTML tag. similar for ending PHP tag... Those are white spaces that get rendered. — trincot, Sep 08 '20 at 20:05
Unrelated, but learn about https://www.php.net/manual/en/mysqli.prepare.php — Olaf Dietsche, Sep 08 '20 at 20:08
**Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) — Dharman, Sep 08 '20 at 20:39
@Dharman this was already said by Olaf. There's enough to cast `$ID` to integer. And this is not solves the problem. — krylov123, Sep 09 '20 at 08:00
@trincot Thanks a lot, executing the php tag in front of the whole html parts actually did solve my blank lines problem :-) — nonsense73, Sep 09 '20 at 10:30

krylov123 · Accepted Answer · 2020-09-09T07:56:37.123

-1

Run your code before the <textarea> and then echo the result inside <textarea>. So, if your code generate any newlines - it will be outside <textarea>.

<?php 
        include ('db_connect.php'); 
        $ID = $_POST['ItemID']; 
        $sql = "SELECT MicroLoc from Main WHERE ItemID = ".intval($ID) ; 
        $result = mysqli_query($link, $sql); 
        $res = mysqli_fetch_array($result);  
        $msg = $res['MicroLoc'];
        $echomsg = preg_replace('/\s\s+/', '', $msg); 
?>
<textarea 
    name="MicroLoc_Entry" 
    id="MicroLoc_Entry" 
    style="position:absolute;left:581px;top:45px;width:73px;height:18px;z-index:14;" 
    rows="1" 
    cols="1" 
    spellcheck="false"
><?php echo $echomsg; ?></textarea>

Also please be sure, that there is no any other spaces or newlines between the <textarea> and </textarea> tags. Because these also can be the source of unwanted symbols.

edited Sep 09 '20 at 07:56

answered Sep 08 '20 at 20:09

krylov123

739
8
15

**Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Sep 08 '20 at 20:40
Won’t use of intval remove the injection problem? – Martin Perry Sep 09 '20 at 08:04
@krylov123 Thank you, removing the php tag did help the immediate problem :-) – nonsense73 Sep 09 '20 at 10:32

PHP remove whitespaces - "ghost" lines appear

1 Answers1