I start out with a string like this : "I would like to:\r\n\r\n1.) Rid this mess\r\n\r\n\2.) Now Please" (this is 'cleaned' user input text).
So essentially my statement would be this :
$query = sanitize($_POST['query']); // gives the result string
I want to remove the "\r\n\r\n"'s from this string. So far I have try to do this by using the following :
$query = preg_replace("/\r\n\r\n/", " ", $query);
or
$query = str_replace("\r\n\r\n", " ", $query);
None seem to work?
However, if I do the following :
$query = "I would like to:\r\n\r\n1.) Rid this mess\r\n\r\n\2.) Now Please";
$query = preg_replace("/\r\n\r\n/", " ", $query); // I tried str_replace() too
var_dump($query);
exit;
I get the output that I desire...
Could someone please explain to me why on earth this is happening and how i could solve the issue?
Any advice, input or suggestions would be greatly appreciated as I am not almost bald from pulling my hair out...
Thank you!
EDIT :
This may help function sanitize() :
function html($text)
{
return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}
function htmlout($text)
{
return html($text);
}
function cleanInput($input)
{
$search = array(
'@<script[^>]*?>.*?</script>@si', // Strip out javascript
'@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags
'@<style[^>]*?>.*?</style>@siU', // Strip style tags properly
'@<![\s\S]*?--[ \t\n\r]*>@' // Strip multi-line comments
);
$output = preg_replace($search, '', $input);
$output = htmlout($output);
return $output;
}
function sanitize($input)
{
if (is_array($input))
{
foreach($input as $var=>$val)
{
$output[$var] = sanitize($val);
}
}
else
{
include "C:/wamp/www/includes/inc/main/db.inc.php";
if (get_magic_quotes_gpc())
{
$input = stripslashes($input);
}
$input = cleanInput($input);
$output = mysqli_real_escape_string($link, $input);
}
return $output;
}
This worked for me
The only proper solution
sanitize()
functionhtmlout()
function to display user's text back.You can read more here and here
If there's literal
\r\n
characters in your database, you need to quadruple the slashes.So you using this should in theory do the trick:
Have you got magic quotes on?
http://php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc
It might be escaping your slashes.