问题
I am having a problem regarding data coming from CKEditor textarea field. I am using CKEditor 4.4.1. Whenever I try to submit the content of CKEditor it generates characters \r\n again and again. But it happening only when I am sanitizing my incoming data. Here is my function which sanitizes the incoming content -
// filter user input
public function filter_data($input)
{
// if magic quotes are on
if(get_magic_quotes_gpc())
{
$input = stripslashes($input);
}
$sanitized_data = mysqli_real_escape_string($this->con, trim($input));
return $sanitized_data;
}
And this is how I am calling the above function -
$post_content = $users_obj->filter_data($_POST['txtpostcontent']);
And then I am getting following output in CKEditor -
Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.
\r\n\r\n
\r\n\r\n
Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.
\r\n\r\n
But when I don't call the above function then everything is fine and there is no characters like \r\n in my content.
So I want to know how can I stop these characters from being produced automatically by keeping my sanitizing function on? Is there any way I can sanitized my content and also don't get these characters as well? Thanks.
回答1:
one more thing is helpful :
$text = str_ireplace(array("\r","\n",'\r','\n'),'', $text);
回答2:
I have fixed the problem and it turns out to be a very simple setting. In config.js I simply set:
config.FormatOutput = false ;
And it works no more stupid \r\n inserted into my html
回答3:
If you are using mysqli_real_escape_string() in php remove this.
Edit: For prevent Injection use prepare() statement.
Edit 2: If still want to use mysqli_real_escape_string(); you can use-
$text = mysqli_real_escape_string($conn, $_POST["description"]);
$description = str_ireplace(array("\r","\n",'\r','\n'),'', $text);
回答4:
Can try this
$text = str_ireplace(['\\\\r', '\\\\n'], "", $text);
回答5:
The \r\n is a result of mysqi_real_escape_string escaping new line characters as specified in the php documentation.
If you're only concerned about debugging then you don't need to worry about these. If it's causing you problems because you're using the result for something other than a mysqli function, then you'll need to use a different sanitization that is designed for your use case.
As others have said, it's better to use prepared statements if that's an option.
来源:https://stackoverflow.com/questions/25112124/how-to-stop-ckeditor-producing-r-n-characters-automatically-when-data-is-saniti