I am using this method to store data in database:
$content = $_POST['content'];
$content = mysqli_real_escape_string($mysqli,$content);
$stmt = $mysqli->prepare("INSERT INTO na_posts(postuid,content) VALUES (?, ?)");
$stmt->bind_param("ss",$post_id,$content);
$stmt->execute();
$stmt->close();
And I use this code to get data from the database:
$sql = "SELECT * FROM na_posts WHERE postuid = '" . $id . "'";
$stmt = $mysqli->query($sql);
$row = $stmt->fetch_Object();
echo nl2br($row->content);
But the output looks like this:
hey this is line one \r\n this is line two
Why do the new lines show up like this: \r\n?
It works if I remove the call to mysqli_real_escape_string(), which is important for security, as I have read.
Upvotes: 0
Views: 186
mysqli_real_escape_string is not needed if you're using bind parameters, as you are here with bind_param. It's one or the other, you don't need both. Bind parameters are better for various reasons, mainly that it's easier to build the SQL and the database can also be more efficient (since it can be more efficient at executing the same query twice even if the bound values vary).
For outputting the value, in HTML you should use something like htmlspecialchars as mentioned by Alamri. Most decent templating engines will allow you to escape values by default so that you don't have to remember to escape every time. Symfony for example will escape values by default in its templates (other PHP web frameworks are available).
Upvotes: 7
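The following is an added example, not code from the question or the answer above. It shows why the stored text contains a literal \r\n (real_escape_string turns the CR and LF bytes into two-character backslash sequences, and a bound parameter then stores those characters verbatim), and it puts the insert, the select and the HTML output together using only prepared statements plus htmlspecialchars. It assumes a live mysqli connection with mysqlnd (for get_result()) and the na_posts table from the question; the connection credentials are placeholders.

```php
<?php
// Added example, not from the original question or answer.
// Assumes: a reachable MySQL server, mysqlnd (for get_result()), and the
// na_posts(postuid, content) table from the question. Credentials are placeholders.
declare(strict_types=1);

$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$mysqli->set_charset('utf8mb4');

// 1. What escaping does to a newline. The input has a real CR (0x0D) and LF (0x0A);
//    real_escape_string replaces each with a backslash plus a letter. Bound as a
//    parameter, those four characters are stored exactly as-is, which is the "\r\n"
//    the question sees in its output. (Single quotes below: \r and \n are literal.)
$raw     = "line one\r\nline two";           // constructed sample input
$escaped = $mysqli->real_escape_string($raw);
var_dump($escaped === 'line one\r\nline two'); // bool(true)

// 2. Insert with a bound parameter only. The driver sends the value separately from
//    the SQL text, so the raw string (real newlines included) is what gets stored.
function insertPost(mysqli $db, string $postId, string $content): bool
{
    $stmt = $db->prepare('INSERT INTO na_posts (postuid, content) VALUES (?, ?)');
    $stmt->bind_param('ss', $postId, $content);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// 3. Select the same way: $postId is never concatenated into the query string.
function fetchPost(mysqli $db, string $postId): ?object
{
    $stmt = $db->prepare('SELECT content FROM na_posts WHERE postuid = ?');
    $stmt->bind_param('s', $postId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_object();
    $stmt->close();
    return $row ?: null;
}

// 4. Output: escape for the HTML context first, then turn real newlines into <br />.
//    nl2br keeps the original newline after the tag it inserts.
function renderContent(string $content): string
{
    return nl2br(htmlspecialchars($content, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

insertPost($mysqli, 'post-1', $raw);
$row = fetchPost($mysqli, 'post-1');
echo renderContent($row->content);
// line one<br />
// line two
```

Run it once against a scratch database: the var_dump on step 1 prints bool(true), confirming the escaping call is what manufactures the backslash sequences, and the final echo shows the <br /> that nl2br only produces when the stored value contains real newline bytes.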