trim and mysqli real escape string

to prevent SQL injection

naiquevin

11:13 am on May 30, 2009 (gmt 0)


I am using a form to insert data into a database. And to prevent SQL injection, I am using trim as well as mysqli_real_escape_string.

like this,


$xyz = mysqli_real_escape_string($con,trim($_POST['xyz']));

But I want to keep the "\r\n" elements. This is because I am replacing these with <br/> so that line breaks appear when the data is displayed.


$final_xyz = str_replace("\r\n","<br/>",$xyz);

Now, if I just use trim, the line break thing works. If mysqli_real... is also used, it doesn't work.

Is it recommended to not use mysqli_re... for having line breaks in the textarea?
How much of a difference in terms of security issues will it make?

Thanks

henry0

11:40 am on May 30, 2009 (gmt 0)


$final=nl2br($final);
check nl2br [php.net]
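
Added example, not part of either post above: mysqli_real_escape_string() turns each CR and LF byte into a backslash followed by the letter r or n, so a later str_replace("\r\n", ...) on the escaped value finds nothing to replace. The sketch below keeps both goals by storing the trimmed text through a bound parameter and converting line breaks only at display time; the table `comments`, the column `body` and both function names are hypothetical.

```php
<?php
// Added example. Table `comments`, column `body` and the function names
// are hypothetical; $con is an already opened mysqli connection.

// Store the text as submitted (only trimmed). A bound parameter keeps the
// value out of the SQL text, so no manual escaping is needed and the
// CR LF pairs reach the database unchanged.
function save_comment(mysqli $con, string $raw): bool
{
    $stmt = $con->prepare('INSERT INTO comments (body) VALUES (?)');
    if ($stmt === false) {
        return false;
    }
    $body = trim($raw);
    $stmt->bind_param('s', $body);   // bind_param() needs a variable
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Convert for HTML only when displaying: encode markup characters first,
// then let nl2br() insert <br /> before each line break.
function render_comment(string $stored): string
{
    return nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input: two lines plus markup that must stay inert.
$sample = "first line\r\nsecond <b>line</b>";
echo render_comment($sample), PHP_EOL;
```

Keeping the stored value free of <br/> tags also means the same row can be shown again in a textarea for editing without undoing the conversion.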