• MySQL, selecting a row is escaping string literals
    4 replies, posted
So I'm making a blog for class. I'm trying to retrieve the body text of the blog, which is stored with the literals I need (\n\r) (in the MySQL database), but when they are selected in PHP, as seen below, the string literals are escaped. $res = $mysqli->query("SELECT * FROM `blog_posts` WHERE `id` = '$id'"); $postInfo = $res->fetch_assoc(); $this->longBody = $postInfo['body']; var_dump($postInfo); The var dump shows that it's pulling the string without the string literals. Just trying to get PHP to display the string with literals (I know I also need to escape html entities but that's for later).
it var dumps it in one line.
Obligatory butting in to recommend prepared statements. Sure it might not be needed in this case, but if you get used to it, you'll work securely later down the road
Back at uni the last year of the CS degree had everyone working on case study group projects, in that same year one of the electives was a subject on security. The group I was part of was fairly well skilled comparitively so we had all bases covered but you can imagine what happened when the subject had an open day and other students from the department (and general public) were invited to 'test' the projects.
Sorry, you need to Log In to post a reply to this thread.