NYCPHP Meetup

NYPHP.org

[nycphp-talk] PHP function to execute HTML tags

Rob Marscher rmarscher at beaffinitive.com
Wed Apr 4 03:10:12 EDT 2012


On Apr 3, 2012, at 5:44 PM, tuon1 at netzero.net wrote:
> Can you guys tell me what the PHP function that executes HTML tags when the content from the database contains HTML tags get dumped onto the webpage?
> 
> What I am talking about is that when HTML tags got stored in the database, it gets treated like ordinary plain texts and when those plain texts get dumped onto the webpage, the browser treats or displays them as texts.
> 
As Lester mentioned, it sounds like your html was escaped when it was stored to the database.  Another possibiliy is that you are using some type of framework (like Zend, Symfony, Cake, etc) that is automatically escaping output.  If you are using a framework, let us know what it is.  Just a guess, but how about this:

echo stripslashes($html);
http://php.net/stripslashes

or if that doesn't work

echo html_entity_decode($html);
http://php.net/html_entity_decode

Just be very careful about this html in your database.  If it's being entered by a user, that's a very common source of security exploits in php.  You need to make sure to clean it in some way.  HtmlPurifier is a library that can do this for you - http://htmlpurifier.org/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20120404/a2e0224b/attachment.html>


More information about the talk mailing list