
Does anybody know why HTML in the DB won't be displayed?

Posted: Thu Dec 30, 2010 4:33 pm
by emelianenko
Hello,

If I put data like this hardcoded inside my MySQL row cells

<font color="blue">some word</font>

when I call the row from PHP, it does not bring me a blue string; worse than that, it displays all the HTML markup, that is, it doesn't recognize it as what it is.

However, I am seeing the DB another guy wrote, and he has exactly that but it works for him. Can't ask him though.

thanks

Emi

Re: Does anybody know why HTML in the DB won't be displayed?

Posted: Thu Dec 30, 2010 4:37 pm
by Darhazer
Code that displays the data?
Maybe you are using htmlspecialchars / htmlentities when you are outputting it? Or you have used it when you put the data in the database :)

Re: Does anybody know why HTML in the DB won't be displayed?

Posted: Fri Dec 31, 2010 6:37 am
by emelianenko
hmm, alright you have a point. I will look into that, pretty much it sounds that must be the reason

regards

------------------------------------------------------------------------------------

Darhazer wrote: Code that displays the data?
Maybe you are using htmlspecialchars / htmlentities when you are outputting it? Or you have used it when you put the data in the database :)

Re: Does anybody know why HTML in the DB won't be displayed?

Posted: Fri Dec 31, 2010 6:45 am
by emelianenko
Yes, you were correct!

I have removed the htmlspecialchars and now it shows fine.

And out of this, my question. Is it ok to remove that? Is it not unsecure to remove it when outputting it? That is actually data that I myself include in the database and well the visitor clicks on a menu and the data would be extracted. I suppose it is not a problem to remove htmlspecialchars if it is to output content. Another thing would be to accept visitors' input, but if it is output, that should not affect, should it?

thanks

Emi

===================================================================================================================================



Darhazer wrote:Code that displays the data?
Maybe you are using htmlspecialchars / htmlentities when you are otputing it? Or you have used it when you put the data in the database :)

Re: Does anybody know why HTML in the DB won't be displayed?

Posted: Fri Dec 31, 2010 6:48 am
by social_experiment
emelianenko wrote: Is it not unsecure to remove it when outputting it? That is actually data that I myself include in the database...
If you write it to the database you wouldn't sabotage your own site by cross-side scripting, would you?

Re: Does anybody know why HTML in the DB won't be displayed?

Posted: Fri Dec 31, 2010 7:06 am
by Darhazer
You can use HTMLPurifier to filter the output
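
An added example (not code from this thread or from any poster) of the two output paths discussed above: plain-text columns escaped with htmlspecialchars, and a column that is meant to hold markup passed through HTML Purifier with an allowlist instead of being echoed raw. It assumes HTML Purifier is installed through Composer; the row data, column names, helper names and the allowlist are hypothetical.

```php
<?php
// Added example. Assumes: composer require ezyang/htmlpurifier
require_once __DIR__ . '/vendor/autoload.php';

// Plain-text columns: always escape at output time, never at insert time,
// so the database keeps the original value and nothing gets double-encoded.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Columns intended to carry markup: keep only allowlisted tags/attributes.
function rich(string $html): string
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Allowlist is an assumption; widen it only as far as the content needs.
        $config->set('HTML.Allowed', 'p,br,b,i,em,strong,a[href],font[color]');
        $purifier = new HTMLPurifier($config);
    }
    return $purifier->purify($html);
}

// Constructed sample rows standing in for the MySQL result set.
$rows = [
    ['title' => 'Menu & prices',
     'body'  => '<font color="blue">some word</font>'],
    ['title' => '<script>alert(1)</script>',
     'body'  => '<b>bold</b><script>alert(1)</script>'],
];

foreach ($rows as $row) {
    // Title is text: any markup in it is displayed literally.
    echo '<h2>', e($row['title']), "</h2>\n";
    // Body is markup: allowed formatting survives, the script element is removed.
    echo '<div>', rich($row['body']), "</div>\n";
}
```

With this split, the rich column stays safe even if a row is later written by someone other than the site owner, for example through an import or an admin form.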