>That looks like the result of htmlentities(nl2br($string)).

Actually, it's probably the result of just nl2br($string) and being in the
midst of the INPUT tag in the first place...

>Do it the other way around.
>Better yet, don't call nl2br or htmlentities or anything else on data that
>you are inserting into your database. Madness that way lies.
>Instead, use those functions only when outputting data to the browser.

Yes!  I forgot to say that part.  Don't put the nl2br() part in before you
insert it to the database.

You'll give yourself a major headache some day, like when you need to send
that data off to something that's *not* a browser.  And it *will* happen,
sooner or later.

You *DO* need the htmlentities() to change your $string into valid HTML, so
you can send it to the browser and fish it back out reliably.

You are essentially treating the browser as a "data storage facility", but a
browser only accepts HTML data.

Thus, you must convert your data into HTML using htmlentities() when storing
it there.

You do *NOT* want to convert it with htmlentities() or nl2br() when storing
it in MySQL.

You only want to use Magic Quotes *OR* addslashes() to store into MySQL.

Then, only when you *finally* output it to the end-user do you want to use
nl2br() to add any HTML needed to properly display it.

I hope this is making some sense now.  It's hard to know when to apply these
functions, but the two basic rules I would suggest you try to follow are:

Be sure you use the right function to store the data in the place you're
putting it:

htmlentities to "store" HTML data
addlashes() to "store" MySQL data (Or Magic Quotes instead of addslashes)
nl2br() only to output the data in the final rendering to the end-user

And, only apply these functions at the last minute that you have to --
Applying them any sooner than that will give you a data-headache.

Still, though, using the browser as "data storage facility" in a multi-page
FORM is not such a Good Idea (tm) in the first place.

The browser is really good at *presenting* data, but wasn't really designed
as a substitute for a database.  Put your data into the database as soon as
possible.  MySQL is *really* good at data storage.

Like Music?  http://l-i-e.com/artists.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to