How to save raw html to sql with codeigniter? - php

I'm working with Ionize - I'm trying to save text with HTML tags to mysqli, but I keep getting the text like this:
<p><div class="foo">foo</div></p>
while i want to get
<div class="foo">foo</div>
I've tried to replace all the htmlspecialchars methods with html_entity_decode
but it didn't work

It's ok to have it saved like that, you just have to apply htmlspecialchars_decode on your result before printing it.

Related

HTML not interpreting tags

I am saving data into MySQL using htmlspecialchars(). On output, I decode the data using htmlspecialchars_decode() before displaying it in Angular. But instead of interpreting the HTML code, it is displaying it as text.
Data in Database
<p class="fr-tag"><span>test</span></p>
Code being displayed after htmlspecialchars_decode()
<p class="fr-tag"><span>test</span></p>
Displaying the output from database into div as follows
<div *ngIf="product.pdescription" class="mt-2 product-description">{{product.pdescription}}</div>
I have also tried using html_entity_decode but didn't help.
Following is a screenshot of the browser
In order to make it work you should use innerHTML or outerHTML binding:
<div *ngIf="product.pdescription" ... [innerHTML]="product.pdescription"></div>
But beware of some limitations

array not printing properly in php

I'm doing a project in PHP!
The problem is that the array is not printing properly.
Actually I'm trying to retrieve text data from MySQL using PHP.
I'm able to retrieve the data, but when I print it in the document it is not printing as I want!!
echo "<td><p onclick=alert('".$arr[$t]."'); ><u>VIEW</u></p></td>";
$arr[$t] is text data I retrieved from the database.
It should print like this (assuming $arr[$t] has data "this is a paragraph")
but the actual output is like this..
output in CHROME
<td><p onclick="alert('this" is a paragraph'); ><u>VIEW</u></p></td>
output in FIREFOX
<td><p paragraph');="" a="" is="" onclick="alert('this" ><u>VIEW</u></p></td>
I don't know why it's happening. Please help me out with this..
Thanks in advance :)
The syntax highlighting from your chrome output gives it away - you have a double quote nested inside your double quotes, which is invalid HTML.
You should escape all output before rendering it, using something like htmlspecialchars (http://au2.php.net/manual/en/function.htmlspecialchars.php).
Also, you should wrap your onclick handler in quotes - e.g. onclick="alert('stuff stuff more stuff')" or it won't parse correctly.

Textarea content to database

I have this textarea called personalInfos where I fill in the info in the following format:
<p><span class="white">1966 - '69</span><br/> text .... </p>
When I submit it to the database, it gets saved OK, same format. When I retrieve the code from the database to the admin textarea it gets filled OK.
My only problem is on the front end, where the code is displayed as text, not rendered as HTML. So basically I see it on the page like this:
<p><span class="white">1966 - '69</span><br/>
Most likely you display the fetched code after it has been processed by htmlentities() or a similar function. This is in most cases the way to go to avoid planting i.e. HTML in comments. So simply stop doing this after fetching (or on insert - depends where you do so) and your content will be output as literal HTML and properly processed by the web browser.
You should have a look at htmlspecialchars_decode()
Example
$str = '<p><span class="white">1966 - \'69</span><br/> text .... </p>';
echo htmlspecialchars_decode($str);
Also make sure to escape the single quotes as well.

PHP writing html to a php page from a field in database

I'm relatively new to this and am familiar with echo in PHP, but what I need is to have the contents of a field in a database placed in the page (but not as a written field)
For example
<?php echo $product_description['description']; ?>
The field description has HTML formatting in it already, so when I use 'echo' it writes out for example
<p>text on firstline <br> text on next line
And what I want is for the HTML from this field in the database, which already has HTML formatting, to simply be placed in the PHP page, which would make it look like this
text on firstline text on next line
I assume I just need to use a different command than ECHO but don't know which one.
Try
echo html_entity_decode($product_description["description"]);
If that works, the HTML in your database has been encoded using htmlentities, so you must decode it to write to a page.
strip_tags is what you're after.
Use it like so: echo strip_tags($your database bit to echo here);
PHP docs for strip_tags

htmlspecialchars and json encode problem

I am trying to format some bad html to output into a pop window. The html is stored in a field in a mysql database.
I have been performing json_encode and htmlspecialchars on the row in the php like so:
$html = htmlentities(json_encode($row2['ARTICLE_DESC']));
and calling my makewindows function, which simply takes the html as a parameter and uses it with document.write like so:
<p>Click for full description </p>
This works ok, as in some html code is produced, such as the following:
http://www.nomorepasting.com/getpaste.php?pasteid=22823&seen=true&wrap=on&langoverride=html4strict
pasted there because I do not know how to wrap lines in SO
The problem is that htmlspecialchars does not seem to be stripping bad html data, as no popup window is created. The error I receive with firebug is
missing ) after argument list
However the html is outside of my control.
From what I have read, I am taking the correct steps. If I am missing something out, what is it?
My full make windows function:
function makewindows(html) {
    // Open a blank child window and write the supplied markup into it.
    var child1 = window.open("about:blank");
    child1.document.write(html);
    child1.document.close();
}
You shouldn't have the single quotes in the function call. It should look like this:
<p>Click for full description </p>
Then the output will look like
<p>Click for full description </p>
which is correct.
Try it the following way:
$html = htmlentities(json_encode($row2['ARTICLE_DESC']),ENT_QUOTES);
I think the single quotation marks are not escaped by default.
Nevertheless, I recommend saving the html in a JavaScript variable before opening the window.
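
Added example (not code from any of the posts above): the "array not printing properly" and "htmlspecialchars and json encode problem" threads both place database text into an inline JavaScript call inside an HTML attribute, which needs JavaScript-string encoding first and HTML-attribute encoding second. The helper name js_arg_in_attr and the sample rows are constructed for illustration, and JSON_THROW_ON_ERROR assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Constructed sample values standing in for text fetched from the database.
$rows = [
    'this is a paragraph',
    'it\'s a "quoted" </p><b>description</b>',
];

/**
 * Hypothetical helper (not from the posts): encode a string for use as a
 * JavaScript argument inside a double-quoted HTML event-handler attribute.
 */
function js_arg_in_attr(string $value): string
{
    // Step 1, JavaScript context: json_encode() returns a complete, quoted
    // JS string literal. The JSON_HEX_* flags write <, >, &, ' and " inside
    // the value as \uXXXX escapes.
    $literal = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );

    // Step 2, HTML attribute context: the literal's own surrounding double
    // quotes become &quot;, so they cannot close the attribute early.
    return htmlspecialchars($literal, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($rows as $text) {
    $arg = js_arg_in_attr($text);

    // The attribute value is wrapped in double quotes, and no extra single
    // quotes are added around the argument: the literal carries its own.
    echo '<td><p onclick="alert(' . $arg . ');"><u>VIEW</u></p></td>', "\n";

    // Same encoding for the makewindows(html) function from the last thread.
    echo '<p><a href="#" onclick="makewindows(' . $arg . '); return false;">',
         'Click for full description</a></p>', "\n";
}
```

For the first row the browser receives onclick="alert(&quot;this is a paragraph&quot;);" and, after decoding the attribute, runs alert("this is a paragraph");. The encoding only keeps the value inside the string literal; makewindows() still writes that string into the new window as markup.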
