[nycphp-talk] PHP function to execute HTML tags

tuon1 at netzero.net tuon1 at netzero.net
Wed Apr 4 18:22:41 EDT 2012


>> Can you guys tell me what the PHP function that executes HTML tags when the content from the database contains HTML tags get dumped onto the webpage?
>> 
>> What I am talking about is that when HTML tags got stored in the database, it gets treated like ordinary plain texts and when those plain texts get dumped onto the webpage, the browser treats or displays them as texts.
>> 
> As Lester mentioned, it sounds like your html was escaped when it was stored to the database.  Another possibility is that you are using some type of framework (like Zend, Symfony, Cake, etc) that is automatically escaping output.  If you are using a framework, let us know what it is.  Just a guess, but how about this:
>
> echo stripslashes($html);
> http://php.net/stripslashes
>
> or if that doesn't work
>
> echo html_entity_decode($html);
> http://php.net/html_entity_decode
>
> Just be very careful about this html in your database.  If it's being entered by a user, that's a very common source of security exploits in php.  You need to make sure to clean it in some way.  HtmlPurifier is a library that can do this for you - http://htmlpurifier.org/

Thanks to Lester and Rob for replying.
I don't use any Framework or Tools--just plain PHP handwritten code.
Here's what I did:
1. Take the content from the form (<textarea> user input).
2. Escape it and add it to the database:

$Content = mysql_real_escape_string($Content);
/* Add info into the database */
$query = "INSERT INTO `Content_Table`
      (
       `Content`, `Datestamp`
      )
VALUES
      (
       '$Content', '$Datestamp'
      )";
mysql_query($query);

3. Retrieve the content from the database and display it on the web.

/* Fetch the rows, newest first; stop with the MySQL error if the query fails */
$query = @mysql_query("SELECT Content, DATE_FORMAT(Datestamp, '%W %M %d, %Y %r')
    AS FormatDatetimestamp FROM Content_Table ORDER BY Datestamp DESC") or die(mysql_error());
if (mysql_num_rows($query) > 0)
   {
     while ($row = mysql_fetch_array($query))
            {
             $Content       = $row['Content'];
             /* Output the stored content exactly as it came from the database */
             echo $Content;
            }
    }

The content that gets stored in the database contains both plain texts and HTML tags like <a>, <table>, <tr>, etc.
When those tags get displayed, the Browser doesn't treat those tags as HTML entities, but rather as ordinary plain texts.
Thanks in advance.
Paul
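
The store-then-display flow above combined with the HtmlPurifier advice quoted at the top, as an added example that is not part of the original post or any list member's code. It assumes HTML Purifier is installed through Composer (ezyang/htmlpurifier) and that pdo_sqlite is available; the in-memory SQLite table, the sample input and the allow-list are constructed for illustration.

```php
<?php
// Added example: store user-submitted HTML unchanged, purify it on output.
// Assumption: Composer autoloader with ezyang/htmlpurifier installed.
require __DIR__ . '/vendor/autoload.php';

// In-memory SQLite stands in for the thread's MySQL Content_Table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Content_Table (Content TEXT, Datestamp TEXT)');

// Constructed sample of what a <textarea> might submit.
$submitted = '<table><tr><td>'
           . '<a href="http://example.com/" onclick="x()">link</a>'
           . '</td></tr></table><script>alert(1)</script>';

// Step 2: a bound parameter handles SQL quoting. Nothing HTML-encodes the
// value on the way in, so the tags are stored as real markup.
$insert = $db->prepare(
    'INSERT INTO Content_Table (Content, Datestamp) VALUES (?, ?)'
);
$insert->execute([$submitted, date('Y-m-d H:i:s')]);

// Allow-list only the tags and attributes the page needs to render.
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'a[href],table,tr,td,th,p,br,strong,em');
$config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
$config->set('Cache.DefinitionImpl', null); // no cache directory for the demo
$purifier = new HTMLPurifier($config);

// Step 3: purify each row, then echo it so the browser renders what
// survives. The <script> element and the onclick attribute are not on the
// allow-list and are dropped; the table and the link's href remain.
$rows = $db->query('SELECT Content FROM Content_Table ORDER BY Datestamp DESC');
foreach ($rows as $row) {
    echo $purifier->purify($row['Content']), "\n";
}
```

Purifying at output rather than only at input means rows already in the table are covered as well.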
---------- Original Message ----------
From: talk-request at lists.nyphp.org
To: talk at lists.nyphp.org
Subject: talk Digest, Vol 66, Issue 3
Date: Wed, 04 Apr 2012 12:00:02 -0400


Today's Topics:

  1. PHP function to execute HTML tags (tuon1 at netzero.net)
  2. Re: PHP function to execute HTML tags (Ron Guerin)
  3. Next Meeting Poll and PHP Usage Statistics (Hans Zaunere)
  4. Re: Next Meeting Poll and PHP Usage Statistics (Rolan Yang)
  5. Re: Next Meeting Poll and PHP Usage Statistics (David Krings)
  6. Re: PHP function to execute HTML tags (Lester Leong)
  7. Re: PHP function to execute HTML tags (Rob Marscher)


----------------------------------------------------------------------

Message: 1
Date: Tue, 3 Apr 2012 21:44:24 GMT
From: "tuon1 at netzero.net" <tuon1 at netzero.net>
To: talk at lists.nyphp.org
Subject: [nycphp-talk] PHP function to execute HTML tags
Message-ID: <20120403.164424.18644.0 at webmail06.dca.untd.com>
Content-Type: text/plain; charset="windows-1252"

Hi!
Can you guys tell me what the PHP function that executes HTML tags when the content from the database contains HTML tags get dumped onto the webpage?
I used to know it but since I haven't used it for a long time, I can't think of its name right now.
What I am talking about is that when HTML tags got stored in the database, it gets treated like ordinary plain texts and when those plain texts get dumped onto the webpage, the browser treats or displays them as texts.
Thanks in advance!
Paul

------------------------------

Message: 2
Date: Tue, 03 Apr 2012 18:55:54 -0400
From: Ron Guerin <ron at vnetworx.net>
To: talk at lists.nyphp.org
Subject: Re: [nycphp-talk] PHP function to execute HTML tags
Message-ID: <4F7B7FFA.4010908 at vnetworx.net>
Content-Type: text/plain; charset=windows-1252

On 04/03/2012 05:44 PM, tuon1 at netzero.net wrote:
> Hi!
> 
> Can you guys tell me what the PHP function that executes HTML tags when
> the content from the database contains HTML tags get dumped onto the
> webpage?
> 
> I used to know it but since I haven't used it for a long time, I can't
> think of its name right now.
> 
> What I am talking about is that when HTML tags got stored in the
> database, it gets treated like ordinary plain texts and when those plain
> texts get dumped onto the webpage, the browser treats or displays them
> as texts.

I'm not entirely sure I understand the question.

You can echo HTML retrieved from the database to execute HTML markup.

To see the markup as text, you can echo it after running it through
htmlentities().

http://us3.php.net/manual/en/function.htmlentities.php

- Ron



------------------------------

Message: 3
Date: Tue, 3 Apr 2012 19:32:01 -0400
From: "Hans Zaunere" <bulk at zaunere.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Subject: [nycphp-talk] Next Meeting Poll and PHP Usage Statistics
Message-ID: <001201cd11f1$f8da0280$ea8e0780$@zaunere.com>
Content-Type: text/plain; charset="us-ascii"

Hi all,

First, a couple of interesting stats/surveys:

http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html

http://venturebeat.com/2012/01/11/what-developers-will-be-doing-learning-listening-to-in-2012-survey-results/

Thoughts/conclusions from the two links?  Some interesting correlations and
trends come to mind...


And now to collect some statistics of our own.  NYPHP speaking super-star
Anthony Ferrara will be returning in the coming months, and we have the
opportunity to pick from the following topics:

STUPID and SOLID code:
http://nikic.github.com/2011/12/27/Dont-be-STUPID-GRASP-SOLID.html

becoming a better developer:
http://blog.ircmaxell.com/2011/11/becoming-better-developer.html

optimization strategies in PHP
starting with http://blog.ircmaxell.com/2011/08/on-optimization-in-php.html
and going into strategies and techniques

real-world applications of design patterns
http://blog.ircmaxell.com/2012/03/handling-plugins-in-php.html

PHP's internals, as a primer guide
http://blog.ircmaxell.com/2012/03/phps-source-code-for-php-developers.html

Please let's discuss on-list or send your +1 vote for a particular talk.

---
Hans Zaunere  / New York PHP





------------------------------

Message: 4
Date: Tue, 03 Apr 2012 19:42:24 -0400
From: Rolan Yang <rolan at omnistep.com>
To: NYPHP Talk <talk at lists.nyphp.org>
Subject: Re: [nycphp-talk] Next Meeting Poll and PHP Usage Statistics
Message-ID: <4F7B8AE0.8020605 at omnistep.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Logo is in the top 20???

On 4/3/2012 7:32 PM, Hans Zaunere wrote:
> Hi all,
>
> First, a couple of interesting stats/surveys:
>
> http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html
>
> http://venturebeat.com/2012/01/11/what-developers-will-be-doing-learning-listening-to-in-2012-survey-results/
>
> Thoughts/conclusions from the two links?  Some interesting correlations and
> trends come to mind...
>
>
> And now to collect some statistics of our own.  NYPHP speaking super-star
> Anthony Ferrara will be returning in the coming months, and we have the
> opportunity to pick from the following topics:
>
> STUPID and SOLID code:
> http://nikic.github.com/2011/12/27/Dont-be-STUPID-GRASP-SOLID.html
>
> becoming a better developer:
> http://blog.ircmaxell.com/2011/11/becoming-better-developer.html
>
> optimization strategies in PHP
> starting with http://blog.ircmaxell.com/2011/08/on-optimization-in-php.html
> and going into strategies and techniques
>
> real-world applications of design patterns
> http://blog.ircmaxell.com/2012/03/handling-plugins-in-php.html
>
> PHP's internals, as a primer guide
> http://blog.ircmaxell.com/2012/03/phps-source-code-for-php-developers.html
>
> Please let's discuss on-list or send your +1 vote for a particular talk.
>
> ---
> Hans Zaunere  / New York PHP
>
>
>


------------------------------

Message: 5
Date: Tue, 03 Apr 2012 20:31:18 -0400
From: David Krings <ramons at gmx.net>
To: NYPHP Talk <talk at lists.nyphp.org>
Subject: Re: [nycphp-talk] Next Meeting Poll and PHP Usage Statistics
Message-ID: <4F7B9656.8070407 at gmx.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 4/3/2012 7:42 PM, Rolan Yang wrote:
> Logo is in the top 20???

Yea, but I wonder how it got there. But then I also wonder what the point of 
234234234234 different C dialects is.


David


------------------------------

Message: 6
Date: Tue, 3 Apr 2012 21:07:17 -0400
From: Lester Leong <lester.bleong at gmail.com>
To: NYPHP Talk <talk at lists.nyphp.org>
Subject: Re: [nycphp-talk] PHP function to execute HTML tags
Message-ID:
<CAAxweOTBAY8zD04U9Czv_x1=6tXoXpcVqOyY5GXWQTJGEg3FNQ at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Double-check how the markup is being saved to the database. You might be
inadvertently applying htmlentities or other processing to escape / remove
special chars.

On Tue, Apr 3, 2012 at 6:55 PM, Ron Guerin <ron at vnetworx.net> wrote:

> On 04/03/2012 05:44 PM, tuon1 at netzero.net wrote:
> > Hi!
> >
> > Can you guys tell me what the PHP function that executes HTML tags when
> > the content from the database contains HTML tags get dumped onto the
> > webpage?
> >
> > I used to know it but since I haven't used it for a long time, I can't
> > think of its name right now.
> >
> > What I am talking about is that when HTML tags got stored in the
> > database, it gets treated like ordinary plain texts and when those plain
> > texts get dumped onto the webpage, the browser treats or displays them
> > as texts.
>
> I'm not entirely sure I understand the question.
>
> You can echo HTML retrieved from the database to execute HTML markup.
>
> To see the markup as text, you can echo it after running it through
> htmlentities().
>
> http://us3.php.net/manual/en/function.htmlentities.php
>
> - Ron
>

------------------------------

Message: 7
Date: Wed, 4 Apr 2012 03:10:12 -0400
From: Rob Marscher <rmarscher at beaffinitive.com>
To: NYPHP Talk <talk at lists.nyphp.org>
Subject: Re: [nycphp-talk] PHP function to execute HTML tags
Message-ID: <0270E513-664B-40E1-AB30-C3435F924743 at beaffinitive.com>
Content-Type: text/plain; charset="windows-1252"

On Apr 3, 2012, at 5:44 PM, tuon1 at netzero.net wrote:
> Can you guys tell me what the PHP function that executes HTML tags when the content from the database contains HTML tags get dumped onto the webpage?
> 
> What I am talking about is that when HTML tags got stored in the database, it gets treated like ordinary plain texts and when those plain texts get dumped onto the webpage, the browser treats or displays them as texts.
> 
As Lester mentioned, it sounds like your html was escaped when it was stored to the database.  Another possibility is that you are using some type of framework (like Zend, Symfony, Cake, etc) that is automatically escaping output.  If you are using a framework, let us know what it is.  Just a guess, but how about this:

echo stripslashes($html);
http://php.net/stripslashes

or if that doesn't work

echo html_entity_decode($html);
http://php.net/html_entity_decode

Just be very careful about this html in your database.  If it's being entered by a user, that's a very common source of security exploits in php.  You need to make sure to clean it in some way.  HtmlPurifier is a library that can do this for you - http://htmlpurifier.org/




------------------------------
