When I try to echo most of XTHML tags inside a PHP loop which one echo's data from a MySQL it just shows text in browser. I'm running XAMPP Control Panel with Apache and MySQL for tests.
CODE:
echo "<textarea readonly>";
while ($wiersz = mysql_fetch_array($sql_wynik_zapytania))
{
echo " ".$wiersz['NICK'].":\n";
echo $wiersz['KOMENT']."\n"."<hr />"."\n";
}
echo "</textarea>";
The results in browser:
NICK:
a
<hr />
NICK:
asdaa
<hr />
pallluch:
cccc
"a" "asdaa" "cccc" are just random texts added to table in databse for tests.
Echo works perfectly fine with <textarea>, but <hr> doesn't seems to.
Can anyone help?
A textarea element can't contain anything other than plain text.
You are writing invalid HTML and the browser is trying to recover by treating the < character as plain text instead of the start of a tag.
It looks like you aren't using the textarea to accept user input anyway (you've made it readonly). Don't use a textarea element here. You probably want to use <pre> instead.
Related
I have a php variable $username and following script:
<?php
echo ''.$username.'';
?>
If $username contains something <b it bolds text. How can I prevent that?
Use htmlspecialchars
echo ''.htmlspecialchars($username).'';
See documentation: http://php.net/manual/en/function.htmlspecialchars.php
echo ''.htmlentities($username).'';
like that:
<?php
echo ''.htmlspecialchars($username).'';
?>
http://php.net/manual/fr/function.htmlspecialchars.php
the echo in PHP returns the HTML of whatever you tell it should. So if you use e.g.
echo "This is my text which should be displayed as it is <b>";
the browser will translate it into the according HTML Text (every browser has built in mechanics to "repair" malformed HTML), which will be
<b>This is my text which should be displayed as it is</b>
This is not only wrong, but also a security risk. Imagine someone uses an extremely long name which would translate into javascript once the browser renders it. Your server would turn into a spambot machine.
To prevent this from happening, you have to use the according php function, which is htmlspecialchars() (or htmlentities();
So your code will be:
echo ''.htmlspecialchars($username).''
and it will display the name as intended.
You need to strip (remove) HTML tags from the string.
echo '' . strip_tags($username) . '';
http://php.net/manual/en/function.strip-tags.php
I am using php to echo a bunch of text from a table in my database. The problem is, the text I am printing by php are poems and I need to have line breaks to separate different lines. (ONE poem is stored in a cell of a table)
My question is does the code below work? i.e. Can the <br> tag work? If it doesn't, what can I do to produce the intended results?
(I haven't set up my php so I cant test it myself...) Thanks in advance!
<?php
echo "To drift with every passion till my soul <br>
Is a stringed lute on which all winds can play, <br>
Is it for this that I have given away <br>
Mine ancient wisdom, and austere control? <br> ";
?>
Yes you can use html code inside php using echo function. here's an example
This link from the manual might help you understand better.
<?php
Echo "<html>";
Echo "<title>HTML with PHP</title>";
Echo "<b>My Example</b>";
//your php code here
Print "<i>Print works too!</i>";
?>
Yes -- To be exact, anything you echo will work, including JavaScript to be precise.
I'm relatively new to this and am familiar with echo in PHP but what I need is to have the contents of a field in a database to be placed in the page (but not as a written field)
For example
<?php echo $product_description['description']; ?>
the field description has html formating in it already so when I use 'echo' it writes out for example
<p>text on firstline <br> text on next line
And what I want is that this html from this field in the database that already has html formating to simply placed in the php page which would make it look like this
text on firstline text on next line
I assume I just need to use a different command than ECHO but don't know which one.
Try
echo html_entity_decode($product_description["description"]);
If that works, the HTML in your database has been encoded using htmlentities, so you must decode it to write to a page.
strip_tags is what you're after.
Use it like so: echo strip_tags($your database bit to echo here);
PHP docs for strip_tags
I have a chunk of html code stored in a field in a mysql database. If i try and echo it out it just sits on the page as text. Is there a way to echo it out in a working fashion. ( Meaning the html displays what it is meant to display )
The code is stored in a varchar field and i used nl2br with special characters to insert it. The code display's as text but it is what it should be.
Again can i echo the code out in a working way?
EDIT - This is the code that is displayed on the page.
<img name="" src="http://www.mysite.com/assets/viewcart.png" width="114" height="48"alt="" />
and this is the code stored in the database.
<img name="" src="http://www.mysite.com/assets/viewcart.png" width="114" height="48" alt="" />
The Echo request i used to get the code out was a simple.
echo $row['htmlcode'];
Thanks for any help and examples.
You could try running your text through html_entity_decode() before echoing it.
as in echo html_entity_decode($row['htmlcode']);
I'm getting data from my textarea with the following code
$about_me=mysql_real_escape_string(nl2br($_POST['about_me']));
which
1. Receives data, using $_POST.
2. nl2br makes brakes so If I echo this code to user he will see if there were new lines.
3. mysql_real_escape_string to secure code from mysql injections before entering it to database.
So if I echo this code everything works fine.
But If I edit it again through textarea, php goes to mysql gets data, puts it to textarea and I see <br> signs...
How can I get rid of them while editing my text again in textarea ?
How can I get rid of them while editing my text again in textarea ?
Stop using nl2br(), of course. It's entirely wrong here.
You use nl2br() when you want to output data that contains linebreaks to HTML, not when you want to store it in the database. Store data unchanged, format it for viewing.
If you output it into a <textarea> you don't need to use it either, since textareas display linebreaks (whereas HTML in general does not). For the textarea you need htmlspecialchars(), but apparently this is already happening - otherwise you would not see literal <br> showing up.
<?php
function br2nl($string){
$return=eregi_replace('<br[[:space:]]*/?'.
'[[:space:]]*>',chr(13).chr(10),$string);
return $return;
}
?>
Use this while getting data from database and before printing into textarea .
http://php.net/manual/en/function.nl2br.php
Check examples on this page