[eluser]timaksu[/eluser]
hi guys. users can submit comments in my website, and to make the comments safe i do this before putting the string into the database:
Code:
$text = strip_tags($text);
$text = nl2br($text);
$text = mysql_real_escape_string($text);
it works but creates extra \n's due to the mysql escape... when i remove the escape it works, but i havnt escaped it.. and when i move the nl2br under the escape, the \n's wont get changed to <br />'s (in any way at all).
i was also wondering if there was a way to do all this with functions provided by codeigniter.
lastly, does it matter if i dont escape? i use this
to insert the right stuff into the right table/rows. does it escape on its own? (i was told that these db functions do that on their own? i dont know. i wanted to make sure)
thanks