dpd3447 2012-11-30 13:00
浏览 57
已采纳

使用mysql_real_escape_string后,在textarea中显示多行

I am trying to protect against sql injections by using mysql_real_escape_string before inserting data to the database:

$data=mysql_real_escape_string($_POST['data']);

Now, the data is stored as such:

That\\\'s an apostrophe.

This new line isn\\\'t displaying properly!

So, I am trying to get it to display correctly inside of a textarea after pulling it back out of mysql:

$data = nl2br($data);

For whatever reason, this does NOTHING. I've even tried str_replace to replace the 's with a <br>, but then the <br> just displays within the textarea.

How do I get what's in my mysql to display as:

That's an apostrophe.

This new line isn't displaying properly!
  • 写回答

3条回答 默认 最新

  • drt5813 2012-11-30 13:13
    关注

    you probably have magic_quotes turned on, check it with
    echo get_magic_quotes_gpc() or else you will double quote

    "Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically. "

    by the way, it's not a good ideia to use magic_quotes, try using one of this classes.

    PDO http://br2.php.net/manual/en/book.pdo.php or mysqli http://br2.php.net/manual/en/book.mysqli.php

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
  • ¥15 ETLCloud 处理json多层级问题
  • ¥15 matlab中使用gurobi时报错
  • ¥15 这个主板怎么能扩出一两个sata口
  • ¥15 不是,这到底错哪儿了😭
  • ¥15 2020长安杯与连接网探
  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么