I have a script that resides on the same server as a few of my sites. Randomly in this script nl2br() is not working

It is really driving me insane.

Is there any reason why nl2br() would not work.

The script is here if anyone needs it

The part where I am trying to use it is if Im echoing' out input to the textarea if there is a problem. I have also tried to nl2br first and set into a var then echo the var.

Bizzarrely It does work when I display the message.


<?php
session_start();

include 'mysqlconfig.php';
include 'functions.php';

if(!isset($_SESSION['loggedid']))
{

$reason = 'You need to be logged in to view messages';
$redir = $_SERVER['PHP_SELF'];

header("location:usercp.php?do=login&reason=$reason&redir=$redir");
exit();

}

$id = $_SESSION['loggedid'];

if(isset($_POST['sendmsg']))
{

$recipientid = $_POST['recipientid'];
$msgsubject = sanitizeInput($_POST['subject']);
$msgcontent = sanitizeInput($_POST['postText']);
$timesent = time();

if($recipientid != 0)
{
if(!empty($msgsubject))
{
if(!empty($msgcontent))
{
$addmsg = mysql_query("INSERT INTO pvtmsgs (senderid, receiverid, msgsubject, msgcontent, timesent) VALUES ('$id', '$recipientid', '$msgsubject', '$msgcontent', '$timesent')");

if(!$addmsg)
{
$error = 'The site encountered a problem. Please try again';
} else {
header("location:messages.php?do=outbox");
exit();
}
} else {
$error = 'You did not write a message';
}
} else {
$error = 'Please enter a message subject';
}
} else {
$error = 'Please pick a recipient for your message';
}
}

include 'header.php';

?>

<table class="messages" cellpadding="4" cellspacing="0" border="0">

<tr>
<td class="messagesheader">
Messages
</td>
</tr>
<tr>
<td class="messagesfull">
<center>
<br />
<a href="messages.php?do=inbox">Inbox</a> | <a href="messages.php?do=outbox">Outbox</a> | <a href="messages.php?do=newmessage">New Message</a>
<br />
<br />
</center>
</td>
</tr>

</table>

<?php
if(isset($_GET['readmsg']))
{

$msgid = $_GET['readmsg'];

$getmsg = mysql_query("SELECT * FROM pvtmsgs WHERE msgid='$msgid' LIMIT 1");
$fetchmsg = mysql_fetch_array($getmsg);

$senderid = $fetchmsg['senderid'];
$receiverid = $fetchmsg['receiverid'];
$msgsubject = stripslashes($fetchmsg['msgsubject']);
$msgcontent = stripslashes(bb2html(nl2br($fetchmsg['msgcontent'])));
$timesent = date("d M Y H:i",$fetchmsg['timesent']);
$deletedbysender = $fetchmsg['deletedbysender'];
$readbyreceiver = $fetchmsg['readbyreceiver'];

//get sender dets

$getsendername = mysql_query("SELECT username FROM id WHERE id='$senderid' LIMIT 1");
$fetchsendername = mysql_fetch_array($getsendername);

$sendername = $fetchsendername['username'];

?>

<table class="messages" cellpadding="4" cellspacing="0" border="0">

<tr>
<td class="messagesheader"><b>Sent by</b> <?php echo $sendername; ?> <b>On</b> <?php echo $timesent; ?></td>
</tr>
<tr>
<td class="messagesfull">

<b><?php echo $msgsubject; ?></b>
<hr />
<?php echo $msgcontent; ?>

</td>
</tr>

</table>



<?php
}

if(isset($_GET['do']) && ($_GET['do'] == 'newmessage'))
{

?>

<table class="messages" cellpadding="4" cellspacing="0" border="0">
<tr>
<td class="messagesheader">New Message</td>
</tr>

<tr>
<td class="messagesfull">
<div class="form">
<?php
if(isset($error))
{
?>
<center><br /><div class="error"><?php echo $error; ?></div></center>
<?php
}
?>

<form name="postMsg" id="postMsg" action="messages.php?do=newmessage" method="post">
<br />
<label>
To:<br />
<SELECT name="recipientid">
<option SELECTED value="0">- Select Recipient -</option>
<?php
$getusers = mysql_query("SELECT id, username FROM id ORDER BY username");
while($fetchusers = mysql_fetch_array($getusers))
{
$recipientid = $fetchusers['id'];
$recipient = stripslashes($fetchusers['username']);
?>
<option value="<?php echo $recipientid; ?>"><?php echo $recipient; ?></option>

<?php
}
?>
</SELECT>
</label>

<br />
<br />

<script type="text/javascript" src="js/smilies.js"></script>
<script type="text/javascript" src="js/form.js"></script>

<label>Subject:<br /><input type="text" name="subject" size="55" maxlength="100" value="<?php if(isset($msgsubject)){ echo stripslashes(nl2br($msgsubject)); }?>" /></label>
<br />
<br />
<center>
<img src="images/smilies/smile.gif" onclick="AddEmo('::smile::')" alt="Smile" border="0">
<img src="images/smilies/thumbsup.gif" onclick="AddEmo('::thumbsup::')" alt="thumbsup" border="0">
<img src="images/smilies/wink.gif" onclick="AddEmo('::wink::')" alt="Wink" border="0">
<img src="images/smilies/grin.gif" onclick="AddEmo('::grin::')" alt="Grin" border="0">
<img src="images/smilies/shocked.gif" onclick="AddEmo('::shocked::')" alt="shocked" border="0">
<img src="images/smilies/sad.gif" onclick="AddEmo('::sad::')" alt="Sad" border="0">
<img src="images/smilies/rolleyes.gif" onclick="AddEmo('::rolleyes::')" alt="rolleyes" border="0">
<img src="images/smilies/tickedoff.gif" onclick="AddEmo('::tickedoff::')" alt="tickedoff" border="0">
<img src="images/smilies/wink.gif" onclick="AddEmo('::wink::')" alt="wink" border="0">
<img src="images/smilies/idiot.gif" onclick="AddEmo('::idiot::')" alt="idiot" border="0">
<img src="images/smilies/embarrassed.gif" onclick="AddEmo('::embarrassed::')" alt="embarrassed" border="0">
<img src="images/smilies/hardman.gif" onclick="AddEmo('::hardman::')" alt="hardman" border="0">
<br />
<a href="JavaScript:paste_strinL(selektion,3,'','','')" onmouseover="window.status='Bold Style'; return true" onmouseout="window.status=''; return true" onmousemove="pasteSel()"><img src="images/smilies/bold.gif" alt="Bold Style" border="0" /></a>
<a href="JavaScript:paste_strinL(selektion,3,'','','')" onmouseover="window.status='Italic Style'; return true" onmouseout="window.status=''; return true" onmousemove="pasteSel()"><img src="images/smilies/italic.gif" alt="Italic Style" border="0" /></a>
<a href="JavaScript:paste_strinL(selektion,3,'','','')" onmouseover="window.status='Underlined Style'; return true" onmouseout="window.status=''; return true" onmousemove="pasteSel()"><img src="images/smilies/underline.gif" alt="Underlined Style" border="0" /></a>
<a href="JavaScript:paste_strinL(selektion,3,'','','')" onmouseover="window.status='Underlined Style'; return true" onmouseout="window.status=''; return true" onmousemove="pasteSel()"><img src="images/smilies/quote.gif" alt="Underlined Style" border="0" /></a>
</center>
<textarea name="postText" id="postText" rows="10" cols="42"><?php if(isset($msgcontent)){ echo stripslashes(nl2br($msgcontent)); }?></textarea>
<br />
<br />
<input type="submit" name="sendmsg" value=" Send Message " />
<br />
<br />
</form>
</div>
</td>
</tr>

</table>


<?php
}
if(isset($_GET['do']) && ($_GET['do'] == 'inbox'))
{

$getinbox = mysql_query("SELECT * FROM pvtmsgs WHERE receiverid='$id' ORDER BY timesent");
$nummsgs = mysql_num_rows($getinbox);
?>

<table class="messages" cellpadding="4" cellspacing="0" border="0">
<tr>
<td class="messagesheader" colspan="2">Inbox</td>
</tr>

<?php

if($nummsgs == 0)
{
?>
<tr>
<td class="messagesfull">
<center>
<br />
You have no messages in your inbox
<br />
<br />
</center>
</td>
</tr>
<?php
} else {

while($fetchinbox = mysql_fetch_array($getinbox))
{

$msgid = $fetchinbox['msgid'];
$msgsubject = stripslashes($fetchinbox['msgsubject']);
$senderid = $fetchinbox['senderid'];
$timesent = date("d M Y H:i",$fetchinbox['timesent']);
$readbyreceiver = $fetchinbox['readbyreceiver'];

//get sender dets

$getsenderdets = mysql_query("SELECT username FROM id WHERE id='$senderid' LIMIT 1");
$fetchsenderdets = mysql_fetch_array($getsenderdets);

$sendername = $fetchsenderdets['username'];

?>

<tr>
<td class="messagedetails">
<a href="messages.php?do=inbox&readmsg=<?php echo $msgid; ?>"><?php if($readbyreceiver == 0){ echo '<b>'.$msgsubject.'</b>'; } else { echo $msgsubject; } ?></a>
<br />
<b>Sent by</b> <?php echo $sendername; ?> <b>On</b> <?php echo $timesent; ?>
</td>
<td class="messagecheck" align="center"><input type="checkbox" name="delete[]" value="<?php echo $msgid; ?>" /></td>
</tr>

<?php
}
}
?>

</table>

<?php
}

if(isset($_GET['do']) && ($_GET['do'] == 'outbox'))
{
?>

<table class="messages" cellpadding="4" cellspacing="0" border="0">

<tr>
<td class="messagesheader" colspan="2">
Sent Messages
</td>
</tr>

<?php
$getsentmessages = mysql_query("SELECT * FROM pvtmsgs WHERE senderid='$id' ORDER BY timesent");
$nummsgs = mysql_num_rows($getsentmessages);

if($nummsgs == 0)
{
?>
<tr>
<td class="messagesfull">
<center>
<br />
You have no messages in your outbox
<br />
<br />
</center>
</td>
</tr>
<?php
} else {

while($fetchmsgs = mysql_fetch_array($getsentmessages))
{
$msgid = $fetchmsgs['msgid'];
$senttoid = $fetchmsgs['receiverid'];
$msgsubject = stripslashes($fetchmsgs['msgsubject']);
$timesent = date("d M Y H:i",$fetchmsgs['timesent']);

//get receiver dets

$getreceivername = mysql_query("SELECT username FROM id WHERE id='$senttoid' LIMIT 1");
$fetchreceivername = mysql_fetch_array($getreceivername);

$receivername = $fetchreceivername['username'];

?>

<form name="deletesent" action="messages.php?do=outbox" method="post">
<tr>
<td class="messagedetails">
<a href="messages.php?do=outbox&readmsg=<?php echo $msgid; ?>"><?php echo $msgsubject; ?></a>
<br />
<b>Sent to</b> <?php echo $receivername; ?> <b>On</b> <?php echo $timesent; ?>
</td>
<td class="messagecheck" align="center"><input type="checkbox" name="delete[]" value="<?php echo $msgid; ?>" /></td>
</tr>
</form>

<?php
}
}
?>

</table>

<?php
}

include 'footer.php';
?>



I know the script is quite long so understand if you can't be arsed to read it.

EDIT

In fact im not sure if I even should be using nl2br().


Basically if I return input to a textarea i need it not to show the \r\n. but just space the text properly in the textarea

why do you have \r\n in your text? mine doesnt have that, never has as far as im aware.. I just keep all formatting across the board and insert into a TEXT field in the database, this keeps all new lines and line breaks as they were entered in the form, never need to use nl2br...

But yes, nl2br() should be what you need, assuming your using HTML (opposed to XHTML) try nl2br($string,FALSE)

It is adding that automatically when you submit the form.

I have done this a million times on different forms and never seen this problem.

It's never actually hitting the DB Ghozer.

When they haven't picked a title or recipient I am putting the text stored in $postmsg back into the textarea.

As all fields weren't selected the data never hits the DB.

Bizarre.

ah, yes, (was too lazy to read the code ;))

I Don't understand why its not working

Have you tried a replacement page in the rawest format? rip out everything else except your query and that one echo of nl2br()? then build the echo up function by function, then the rest of the page till you find what breaks it (if anything)

I think it was mysql_real_escape_string()

thats was causing the problem

If I just echo the $_POST var instead of echo'ing the santizedInput() it works a treat.

$msgid = $_GET['readmsg'];
$getmsg = mysql_query("SELECT * FROM pvtmsgs WHERE msgid='$msgid' LIMIT 1");

Does that mean I can read any private messages including those those that doesn't belong to me?

Should it not be something like this?
$getmsg = mysql_query("SELECT * FROM pvtmsgs WHERE msgid='$msgid' and ownerid = ".$_SESSION['userid']." LIMIT 1");

It won't be the extact variable/table name but you get the idea.

Ah well spotted John. It is only my first draft tho.

:thumbsup:

It might be worth installing Firefox tamper data and start thinking like a hacker in breaking your own code and accessing data that doesn't belong to you.

I'll take a look at it. Cheers John

I think it was mysql_real_escape_string()

thats was causing the problem

If I just echo the $_POST var instead of echo'ing the santizedInput() it works a treat.

That could do it, as it adds extra \'s and things before quotes, and such like...