Is it safe to sanitize the input with mysql_real_escape_string and then unescape line-breaks? For example:
$to_database = mysql_real_escape_string($_POST['some_input']);
$to_database = str_replace('\n', "\n", $to_database);
$to_database = str_replace('\r', "\r", $to_database);
I need this, because they spoil my markdown which is stored in the database.
To unescape special characters like '\n' or '\r' you need to use stripcslashes (not stripslashes) after pulling from the database.
There is no point in unescaping anything after the mysql_real_escape_string. If the data is not read back correctly, most likely magic quotes is turned on. In that case, you have to stripslashes before the escaping. (But do this only if magic quotes is turned on - you can check this at runtime.)
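Added example, not code from the question or either answer: a bound parameter travels to the database separately from the SQL text, so Markdown line breaks come back byte for byte and nothing has to be unescaped. It swaps mysql_real_escape_string for PDO prepared statements and uses in-memory SQLite in place of MySQL so it runs offline; the notes table, the helper names and the sample strings are constructed.

```php
<?php
// Added example. Table name, helper names and sample Markdown are constructed.
// SQLite in memory stands in for MySQL; the prepare/execute calls are the same.

// The runtime check from the second answer: undo magic quotes only where the
// feature exists and is on (the function was removed in PHP 8, so test first).
function undo_magic_quotes($value)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Store one document through a bound parameter and read it back.
function round_trip(PDO $db, $markdown)
{
    $insert = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
    $insert->execute(array(':body' => $markdown));
    $select = $db->prepare('SELECT body FROM notes WHERE id = :id');
    $select->execute(array(':id' => $db->lastInsertId()));
    return $select->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed input standing in for $_POST['some_input']: CRLF and LF line
// breaks, single quotes, and a literal backslash-n that must stay two characters.
$samples = array(
    "# Title\r\n\r\nFirst line\nSecond line",
    "It's a 'quoted' line\n\n* item",
    'Regex \n is two characters here',
);

foreach ($samples as $raw) {
    // In a request handler only values taken from $_POST/$_GET/$_COOKIE
    // go through undo_magic_quotes().
    $stored = round_trip($db, undo_magic_quotes($raw));
    printf("%-45s %s\n", json_encode($raw), $stored === $raw ? 'unchanged' : 'CHANGED');
}
```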