用户输入文本区域渲染 \n\r 而不是换行符答案

【问题标题】：User input textarea rendering \n\r instead of linebreak用户输入文本区域渲染 \n\r 而不是换行符
【发布时间】：2021-02-01 15:58:26
【问题描述】：

我的个人网站上有一个 textarea 元素。它用作评论部分，当用户提交信息时，我会自动收到一封包含数据的电子邮件。我遇到的问题是，每当用户插入换行符（按回车键）时，电子邮件都会呈现如下内容：

Hello Mike,\r\n\great website\r\n\keep in touch!\r\n\

代替：

Hello Mike,
Great Website
keep in touch!

这是我的代码，想知道是否有人可以帮助我！谢谢

<?php
// This connects to database
$connection = mysqli_connect ('localhost', 'username', 'password', 'database');
$message_sent = false;
function updateForm () {
    global $connection;

    if ( isset ($_POST['submit'])) {

        if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        global $connection;
        $name = $_POST['name'];
        $email = $_POST['email'];
        $userComment = $_POST['comment'];
        
        $name = mysqli_real_escape_string($connection, $name);
        $email = mysqli_real_escape_string($connection, $email);
        $userComment = mysqli_real_escape_string($connection, $userComment);
    
        // Submits email code
        $to = "michaelrivasnyc@gmail.com";
        $subject = "You have a new form submission";
        $body = "";
        $body .= "From: ".$name. "\r\n";
        $body .= "email: ".$email. "\r\n";
        $body .= "message: ".($userComment). " ";
        

        // email information going to be sent to user

        $userSubject = "Thanks for submitting form.";
        $userBody = "Thank you for submitting form on michaelrivas.net, we will be in touch.";

        mail($to, $subject,$body);

        mail($email, $userSubject, $userBody);

        $message_sent = true;

        } else {
            $message_sent = false;
        }

        $name = mysqli_real_escape_string ($connection, $name);
        $email = mysqli_real_escape_string ($connection, $email);
        $userComment = mysqli_real_escape_string ($connection, $userComment);
    
    $query = "INSERT INTO email (names, email, comment) ";
    $query .= "VALUES ('$name' , '$email' , '$userComment') ";
    $result = mysqli_query($connection, $query);

    if (!$result) {
       die('Connection error' . mysqli_error ());
    } else {
        echo "<br>" . "<br>" . "You have been added to my email list, Thanks for staying in touch";
            }
        }
}



?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>

<script async src="https://www.googletagmanager.com/gtag/js?id=UA-126337947-3"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'UA-126337947-3');
</script>

    <!-- Icons, scripts, CSS, and other attachments. These should be the same
        for all pages minus the <header> class with is the front page photo -->
                        
    <link href="images/radio-tower.png" rel="icon" type="image/x-icon"/>
    <link rel="stylesheet" type="text/css" href="stylesheets/stylesheet.css">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
    <link href="https://fonts.googleapis.com/css?family=Mina" rel="stylesheet">
    <link href="https://fonts.googleapis.com/css?family=Ubuntu" rel="stylesheet">
    <link href="https://fonts.googleapis.com/css?family=Timmana" rel="stylesheet">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <script type="text/javascript" src="JS/JS4web.js"></script>
</head>

<fie>
                        <title>Michael Rivas</title>
<!-- Top Navigation Menu -->
<div>

    <div class="navBar">
      <a href="#home" class="active"></a>
      <div id="myLinks">
        <a href="https://michaelrivas.net/index.html">Home</a>
        <a href="https://michaelrivas.net/projects.html">Projects</a>
        <a href="https://michaelrivas.net/contactform.php">Contact</a>
      </div>
      <a href="javascript:void(0);" class="icon" onclick="myFunction()">
        <i class="fa fa-bars"></i>
      </a>
    
</div>

<h1 id="textAboveForm">Keep in touch</h1>
<div id="formFields">
    <form action="contactform.php" method="post" >

        <input style="font-size: 16px;" id="firstnameinput" type="text" name="name" placeholder="Name" required>

        <input style="font-size: 16px;" id="emailinput" type="text" name="email" placeholder= "email" required>
            <br>
    <textarea id="commentBox" name="comment" placeholder= "Drop a note"></textarea>
        <br>
        <input id="submitbutton" type="submit" name= "submit" value= "Submit">

<?php updateForm ();?>
        </form>  
</div>
    </body>
</html>

【问题讨论】：

请分享更多细节——例如，你为什么要在通过mysqli_real_escape_string 传送的邮件正文中加入一个字符串？是否有任何理由不使用用户输入的正确字符串？
另外，现在应该通过准备好的语句来插入数据库，这样您的查询就不会受到 SQL 注入的攻击
你有一个错误。 mysqli_error() 需要一个参数。请考虑打开错误模式。 How to get the error message in MySQLi?

标签： php html email mysqli

【解决方案1】：

您误用了mysqli_real_escape_string()。最好忘记这个功能甚至存在。这是你的问题的根本原因。从您的代码中删除它并使用参数化的预处理语句。

$name = $_POST['name'];
$email = $_POST['email'];
$userComment = $_POST['comment'];

// send an email

$query = "INSERT INTO email (names, email, comment) VALUES (? , ? , ?) ";
$stmt = $connection->prepare($query);
$stmt->bind_param('sss', $name, $email, $userComment);
$stmt->execute();

【讨论】：