Hello,
If I put data like this hardcoded inside my MySQL row cells
<font color="blue">some word</font>
when I call the row from PHP, it does not bring me a blue string; worse than that, it displays all the HTML markup, that is, it doesn't recognize it as what it is.
However, I am seeing the DB another guy wrote, and he has exactly that but it works for him. Can't ask him though.
thanks
Emi
Does anybody know why HTML in the DB wont be displayed ?
-
emelianenko
- Forum Commoner
- Posts: 35
- Joined: Thu Sep 09, 2010 11:49 am
Re: Does anybody know why HTML in the DB wont be displayed ?
Code that displays the data?
Maybe you are using htmlspecialchars / htmlentities when you are outputting it? Or you have used it when you put the data in the database
-
emelianenko
- Forum Commoner
- Posts: 35
- Joined: Thu Sep 09, 2010 11:49 am
Re: Does anybody know why HTML in the DB wont be displayed ?
hmm, alright you have a point. I will look into that, pretty much it sounds that must be the reason
regards
------------------------------------------------------------------------------------
Darhazer wrote:Code that displays the data?
Maybe you are using htmlspecialchars / htmlentities when you are outputting it? Or you have used it when you put the data in the database
-
emelianenko
- Forum Commoner
- Posts: 35
- Joined: Thu Sep 09, 2010 11:49 am
Re: Does anybody know why HTML in the DB wont be displayed ?
Yes, you were correct!
I have removed the htmlspecialchars and now it shows fine.
And out of this, my question. Is it OK to remove that? Is it not unsecure to remove it when outputting it? That is actually data that I myself include in the database, and the visitor clicks on a menu and the data would be extracted. I suppose it is not a problem to remove htmlspecialchars if it is to output content. Another thing would be to accept visitors' input, but if it is output, that should not affect it, should it?
Thanks
Emi
===================================================================================================================================
Darhazer wrote:Code that displays the data?
Maybe you are using htmlspecialchars / htmlentities when you are outputting it? Or you have used it when you put the data in the database
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: Does anybody know why HTML in the DB wont be displayed ?
emelianenko wrote:Is it not unsecure to remove it when outputting it? That is actually data that I myself include in the database...
If you write it to the database you wouldn't sabotage your own site by cross-side scripting would you?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: Does anybody know why HTML in the DB wont be displayed ?
You can use HTMLPurifier to filter the output
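The three output choices discussed in this thread, as an added example that is not any poster's code: echoing the stored value raw, escaping it with htmlspecialchars, and an escape-then-allowlist helper. The row values, function names and allowed colours are constructed assumptions; a full HTML filter such as the HTMLPurifier mentioned above handles far more markup than this helper does.

```php
<?php
// Constructed sample rows standing in for values read from the MySQL table.
$rows = [
    // What the site owner typed into the row by hand.
    'admin-authored'   => '<font color="blue">some word</font>',
    // What the same column could hold if a visitor-controlled value ever reaches it.
    'visitor-supplied' => '<font color="blue" onmouseover="alert(1)">hi</font><script>alert(2)</script>',
];

// Escape everything: safe for any source, but markup is displayed as literal text
// (the behaviour the original poster saw).
function render_escaped(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escape first, then re-enable only an exact allowlist of tags.
// Hypothetical helper; the permitted colours are an assumption for this example.
function render_allowlisted(string $value): string
{
    $escaped = render_escaped($value);
    // Only <font color="blue|red|green"> with no other attributes is restored.
    $escaped = preg_replace(
        '/&lt;font color=&quot;(blue|red|green)&quot;&gt;/',
        '<font color="$1">',
        $escaped
    );
    // A closing tag carries no attributes, so restoring it cannot add script.
    return str_replace('&lt;/font&gt;', '</font>', $escaped);
}

foreach ($rows as $label => $value) {
    echo "[$label]\n";
    // Raw output is what removing htmlspecialchars() produces: the browser
    // receives every tag and attribute exactly as stored.
    echo "  raw:         $value\n";
    echo "  escaped:     " . render_escaped($value) . "\n";
    echo "  allowlisted: " . render_allowlisted($value) . "\n";
}
```

For the admin-authored row the allowlisted output equals the raw one; for the visitor-supplied row the event-handler attribute and the script element stay escaped, which is the difference that matters once the column is no longer filled only by the site owner.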