Does anybody know why HTML in the DB wont be displayed ?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
emelianenko
Forum Commoner
Posts: 35
Joined: Thu Sep 09, 2010 11:49 am

Does anybody know why HTML in the DB wont be displayed ?

Post by emelianenko »

Hello,

If I put data like this hardcoded inside my MySQL row cells


<font color="blue">some word</font>





when I PHP call the row, it does not bring me a blue string, worse than that, it displays me the all the HTML markup, that is, it doesnt recognize it as what it is.

However, I am seeing the DB another guy wrote, and he has exactly that but it works for him. Cant ask him though.

thanks

Emi
User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: Does anybody know why HTML in the DB wont be displayed ?

Post by Darhazer »

Code that displays the data?
Maybe you are using htmlspecialchars / htmlentities when you are otputing it? Or you have used it when you put the data in the database :)
emelianenko
Forum Commoner
Posts: 35
Joined: Thu Sep 09, 2010 11:49 am

Re: Does anybody know why HTML in the DB wont be displayed ?

Post by emelianenko »

hmm, alright you have a point. I will look into that, pretty much it sounds that must be the reason

regards

------------------------------------------------------------------------------------

Darhazer wrote:Code that displays the data?
Maybe you are using htmlspecialchars / htmlentities when you are otputing it? Or you have used it when you put the data in the database :)
emelianenko
Forum Commoner
Posts: 35
Joined: Thu Sep 09, 2010 11:49 am

Re: Does anybody know why HTML in the DB wont be displayed ?

Post by emelianenko »

Yes, you were correct!

I have removed the htmlspecialchars and now it shows fine.

And out of this, my question. Is it ok to remove that ? Is it not unsecure to remove it when outputting it ? That is actually data that I myself include in the database and well the visitor clicks on a menu and the data would be extracted. I suppose it is not a problem to remove htmlspecialchars if it is to output content. Another thing would be to accept visitors input, but if it is output, that should not affect, should it ?

spasiva

Emi

===================================================================================================================================



Darhazer wrote:Code that displays the data?
Maybe you are using htmlspecialchars / htmlentities when you are otputing it? Or you have used it when you put the data in the database :)
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Does anybody know why HTML in the DB wont be displayed ?

Post by social_experiment »

emelianenko wrote:Is it not unsecure to remove it when outputting it ? That is actually data that I myself include in the database...
If you write it to the database you wouldn't sabotage your own site by cross-side scripting would you?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: Does anybody know why HTML in the DB wont be displayed ?

Post by Darhazer »

You can use HTMLPurifier to filter the output
Post Reply