• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Using escape_str() or escape() produces a backslash \n character rather than \r\n

#1
[eluser]brandobandido[/eluser]
Hi CI Experts,

Badly need your help here. I'm stuck to this issue for a couple of weeks already.

The issue was using the escape_str() or escape() produces a backslash n (\n) in the database record. E.g.
if I type in the text field

Code:
Hi This is it
Code:
Hi This is it

In the database, I will get

Code:
Hi This is it\n Hi This is it

The output in my view in the textarea is this

Code:
Hi This is it\n Hi This is it

If I use stripslashes(), it will remove the slash and the "n" will still remain.

So the output will become like this

Code:
Hi This is it n Hi This is it

What am I doing wrong here? Or is this a bug?


Any help would be greatly appreciated. Thanks!

#2
[eluser]InsiteFX[/eluser]
If you use Active Record you do not have to worry about this, Active Record will escape everything automatically.
Code:
$sql = "INSERT INTO table (title) VALUES('".$this->db->escape_str($title)."')";

InsiteFX

#3
[eluser]brandobandido[/eluser]
[quote author="InsiteFX" date="1302032723"]If you use Active Record you do not have to worry about this, Active Record will escape everything automatically.
Code:
$sql = "INSERT INTO table (title) VALUES('".$this->db->escape_str($title)."')";

InsiteFX[/quote]

Hi InsiteFX! First of all, thanks for your quick reply. By the way, I would just like to confirm. You mean I don't need the escape_str() and escape() when I'm using active record? Correct?

#4
[eluser]brandobandido[/eluser]
[quote author="InsiteFX" date="1302032723"]If you use Active Record you do not have to worry about this, Active Record will escape everything automatically.
Code:
$sql = "INSERT INTO table (title) VALUES('".$this->db->escape_str($title)."')";

InsiteFX[/quote]

I tried removing the escape_str(). When I insert string with quotes, it doesn't escape them. For example, I inserted "It's My Life". I'm expecting that in the db it will become "It\'s My Life". But it's the same. What's your insight about this InsiteFX?

Thanks so much man!

#5
[eluser]InsiteFX[/eluser]
Correct, Active Record handles the escaping automatically.
Code:
// you must use an array like this!
$data = array('title' => 'title');

$this->db->insert('table', $data);
Note: All values are escaped automatically producing safer queries.

InsiteFX


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.