>> Can you guys tell me what the PHP function that executes HTML tags when the
>> content from the database contains HTML tags get dumped onto the webpage?
>>
>> What I am talking about is that when HTML tags got stored in the database,
>> it gets treated like ordinary plain texts and when those plain texts get
>> dumped onto the webpage, the browser treats or displays them as texts.
>>
>As Lester mentioned, it sounds like your html was escaped when it was stored
>to the >database. Another possibiliy is that you are using some type of
>framework (like Zend, >Symfony, Cake, etc) that is automatically escaping
>output. If you are using a framework, let >us know what it is. Just a guess,
>but how about this:
>echo stripslashes($html);
>http://php.net/stripslashes
>or if that doesn't work
>echo html_entity_decode($html);
>http://php.net/html_entity_decode
>Just be very careful about this html in your database. If it's being entered
>by a user, that's a >very common source of security exploits in php. You need
>to make sure to clean it in some >way. HtmlPurifier is a library that can do
>this for you - http://htmlpurifier.org/
Thanks to Lester and Rob for replying.
I don't use any Framework or Tools--just plain PHP handwritten code.
Here's what I did:
1. Take the content from the form (<textarea> user input).
2. Escape it and add it to the database:
Content = mysql_real_escape_string($Content);
/* Add info into the database */
$query = "INSERT INTO `Content_Table`
(
Content`, `Datestamp`
)
VALUES
(
'$Content', '$Datestamp'
)";
mysql_query($query);
3. Retrieve the content from the database and display it on the web.
$query = @mysql_query("SELECT Content, DATE_FORMAT(Datestamp, '%W %M %d, %Y %r')
AS FormatDatetimestamp FROM Content_Table ORDER BY Datetimestamp DESC") or
mysql_error();
if (mysql_num_rows($query) > 0)
{
while ($row = mysql_fetch_array($query))
{
$Content = $row['Content'];
echo $Content;
}
}
The content that gets stored in the database contains both plain texts and HTML
tags like <a>, <table>, <tr>, etc.
When those tags get displayed, the Browser doesn't treat those tags as HTML
entities, but rather as ordinary plain texts.
Thanks in advance.
Paul
---------- Original Message ----------
From: [email protected]
To: [email protected]
Subject: talk Digest, Vol 66, Issue 3
Date: Wed, 04 Apr 2012 12:00:02 -0400
Send talk mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.nyphp.org/mailman/listinfo/talk
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of talk digest..."
Today's Topics:
1. PHP function to execute HTML tags ([email protected])
2. Re: PHP function to execute HTML tags (Ron Guerin)
3. Next Meeting Poll and PHP Usage Statistics (Hans Zaunere)
4. Re: Next Meeting Poll and PHP Usage Statistics (Rolan Yang)
5. Re: Next Meeting Poll and PHP Usage Statistics (David Krings)
6. Re: PHP function to execute HTML tags (Lester Leong)
7. Re: PHP function to execute HTML tags (Rob Marscher)
----------------------------------------------------------------------
Message: 1
Date: Tue, 3 Apr 2012 21:44:24 GMT
From: "[email protected]" <[email protected]>
To: [email protected]
Subject: [nyphp-talk] PHP function to execute HTML tags
Message-ID: <[email protected]>
Content-Type: text/plain; charset="windows-1252"
Hi!
Can you guys tell me what the PHP function that executes HTML tags when the
content from the database contains HTML tags get dumped onto the webpage?
I used to know it but since I haven't used it for a long time, I can't think of
its name right now.
What I am talking about is that when HTML tags got stored in the database, it
gets treated like ordinary plain texts and when those plain texts get dumped
onto the webpage, the browser treats or displays them as texts.
Thanks in advance!
Paul
____________________________________________________________
53 Year Old Mom Looks 33
The Stunning Results of Her Wrinkle Trick Has Botox Doctors Worried
http://thirdpartyoffers.netzero.net/TGL3231/4f7b6f799dd92335392bst04duc
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.nyphp.org/pipermail/talk/attachments/20120403/cf7273b4/attachment-0001.html>
------------------------------
Message: 2
Date: Tue, 03 Apr 2012 18:55:54 -0400
From: Ron Guerin <[email protected]>
To: [email protected]
Subject: Re: [nyphp-talk] PHP function to execute HTML tags
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252
On 04/03/2012 05:44 PM, [email protected] wrote:
> Hi!
>
> Can you guys tell me what the PHP function that executes HTML tags when
> the content from the database contains HTML tags get dumped onto the
> webpage?
>
> I used to know it but since I haven't used it for a long time, I can't
> think of its name right now.
>
> What I am talking about is that when HTML tags got stored in the
> database, it gets treated like ordinary plain texts and when those plain
> texts get dumped onto the webpage, the browser treats or displays them
> as texts.
I'm not entirely sure I understand the question.
You can echo HTML retrieved from the database to execute HTML markup.
To see the markup as text, you can echo it after running it through
htmlentities().
http://us3.php.net/manual/en/function.htmlentities.php
- Ron
------------------------------
Message: 3
Date: Tue, 3 Apr 2012 19:32:01 -0400
From: "Hans Zaunere" <[email protected]>
To: "NYPHP Talk" <[email protected]>
Subject: [nyphp-talk] Next Meeting Poll and PHP Usage Statistics
Message-ID: <[email protected]>
Content-Type: text/plain; charset="us-ascii"
Hi all,
First, a couple of interesting stats/surveys:
http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html
http://venturebeat.com/2012/01/11/what-developers-will-be-doing-learning-lis
tening-to-in-2012-survey-results/
Thoughts/conclusions from the two links? Some interesting correlations and
trends come to mind...
And now to collect some statistics of our own. NYPHP speaking super-star
Anthony Ferrara will be returning in the coming months, and we have the
opportunity to pick from the following topics:
STUPID and SOLID code:
http://nikic.github.com/2011/12/27/Dont-be-STUPID-GRASP-SOLID.html
becoming a better developer:
http://blog.ircmaxell.com/2011/11/becoming-better-developer.html
optimization strategies in PHP
starting with http://blog.ircmaxell.com/2011/08/on-optimization-in-php.html
and going into strategies and techniques
real-world applications of design patterns
http://blog.ircmaxell.com/2012/03/handling-plugins-in-php.html
PHP's internals, as a primer guide
http://blog.ircmaxell.com/2012/03/phps-source-code-for-php-developers.html
Please let's discuss on-list or send your +1 vote for a particular talk.
---
Hans Zaunere / New York PHP
------------------------------
Message: 4
Date: Tue, 03 Apr 2012 19:42:24 -0400
From: Rolan Yang <[email protected]>
To: NYPHP Talk <[email protected]>
Subject: Re: [nyphp-talk] Next Meeting Poll and PHP Usage Statistics
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Logo is in the top 20???
On 4/3/2012 7:32 PM, Hans Zaunere wrote:
> Hi all,
>
> First, a couple of interesting stats/surveys:
>
> http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html
>
> http://venturebeat.com/2012/01/11/what-developers-will-be-doing-learning-lis
> tening-to-in-2012-survey-results/
>
> Thoughts/conclusions from the two links? Some interesting correlations and
> trends come to mind...
>
>
> And now to collect some statistics of our own. NYPHP speaking super-star
> Anthony Ferrara will be returning in the coming months, and we have the
> opportunity to pick from the following topics:
>
> STUPID and SOLID code:
> http://nikic.github.com/2011/12/27/Dont-be-STUPID-GRASP-SOLID.html
>
> becoming a better developer:
> http://blog.ircmaxell.com/2011/11/becoming-better-developer.html
>
> optimization strategies in PHP
> starting with http://blog.ircmaxell.com/2011/08/on-optimization-in-php.html
> and going into strategies and techniques
>
> real-world applications of design patterns
> http://blog.ircmaxell.com/2012/03/handling-plugins-in-php.html
>
> PHP's internals, as a primer guide
> http://blog.ircmaxell.com/2012/03/phps-source-code-for-php-developers.html
>
> Please let's discuss on-list or send your +1 vote for a particular talk.
>
> ---
> Hans Zaunere / New York PHP
>
>
>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show-participation
>
------------------------------
Message: 5
Date: Tue, 03 Apr 2012 20:31:18 -0400
From: David Krings <[email protected]>
To: NYPHP Talk <[email protected]>
Subject: Re: [nyphp-talk] Next Meeting Poll and PHP Usage Statistics
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 4/3/2012 7:42 PM, Rolan Yang wrote:
> Logo is in the top 20???
Yea, but I wonder how it got there. But then I also wonder what the point of
234234234234 different C dialects is.
David
------------------------------
Message: 6
Date: Tue, 3 Apr 2012 21:07:17 -0400
From: Lester Leong <[email protected]>
To: NYPHP Talk <[email protected]>
Subject: Re: [nyphp-talk] PHP function to execute HTML tags
Message-ID:
<CAAxweOTBAY8zD04U9Czv_x1=6txoxpcvqoyy5gxwqtjgeg3...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Double-check how the markup is being saved to the database. You might be
inadvertently applying htmlentities or other processing to escape / remove
special chars.
On Tue, Apr 3, 2012 at 6:55 PM, Ron Guerin <[email protected]> wrote:
> On 04/03/2012 05:44 PM, [email protected] wrote:
> > Hi!
> >
> > Can you guys tell me what the PHP function that executes HTML tags when
> > the content from the database contains HTML tags get dumped onto the
> > webpage?
> >
> > I used to know it but since I haven't used it for a long time, I can't
> > think of its name right now.
> >
> > What I am talking about is that when HTML tags got stored in the
> > database, it gets treated like ordinary plain texts and when those plain
> > texts get dumped onto the webpage, the browser treats or displays them
> > as texts.
>
> I'm not entirely sure I understand the question.
>
> You can echo HTML retrieved from the database to execute HTML markup.
>
> To see the markup as text, you can echo it after running it through
> htmlentities().
>
> http://us3.php.net/manual/en/function.htmlentities.php
>
> - Ron
>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show-participation
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.nyphp.org/pipermail/talk/attachments/20120403/901e7970/attachment-0001.html>
------------------------------
Message: 7
Date: Wed, 4 Apr 2012 03:10:12 -0400
From: Rob Marscher <[email protected]>
To: NYPHP Talk <[email protected]>
Subject: Re: [nyphp-talk] PHP function to execute HTML tags
Message-ID: <[email protected]>
Content-Type: text/plain; charset="windows-1252"
On Apr 3, 2012, at 5:44 PM, [email protected] wrote:
> Can you guys tell me what the PHP function that executes HTML tags when the
> content from the database contains HTML tags get dumped onto the webpage?
>
> What I am talking about is that when HTML tags got stored in the database, it
> gets treated like ordinary plain texts and when those plain texts get dumped
> onto the webpage, the browser treats or displays them as texts.
>
As Lester mentioned, it sounds like your html was escaped when it was stored to
the database. Another possibiliy is that you are using some type of framework
(like Zend, Symfony, Cake, etc) that is automatically escaping output. If you
are using a framework, let us know what it is. Just a guess, but how about
this:
echo stripslashes($html);
http://php.net/stripslashes
or if that doesn't work
echo html_entity_decode($html);
http://php.net/html_entity_decode
Just be very careful about this html in your database. If it's being entered
by a user, that's a very common source of security exploits in php. You need
to make sure to clean it in some way. HtmlPurifier is a library that can do
this for you - http://htmlpurifier.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.nyphp.org/pipermail/talk/attachments/20120404/a2e0224b/attachment-0001.html>
------------------------------
_______________________________________________
talk mailing list
[email protected]
http://lists.nyphp.org/mailman/listinfo/talk
End of talk Digest, Vol 66, Issue 3
***********************************
____________________________________________________________
53 Year Old Mom Looks 33
The Stunning Results of Her Wrinkle Trick Has Botox Doctors Worried
http://thirdpartyoffers.netzero.net/TGL3231/4f7cc9d6a833e55c31st06duc_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show-participation
