In Laravel 5 and Blade, I'm using a form with a textarea to store text in a mysql database and then display it back out to the user. I want to be able to preserve the carriage returns. I tried the simple approach of using the nl2br()
function which replaces the \r\n with tags:
public function setBodyAttribute($data){
$this->attributes['body'] = nl2br($data);
}
It seems that Blade won't allow html to be displayed as HTML.
{{ $example->body }}
What is the best way to get around this?
Since you mentioned Laravel 5, you're looking for:
{!! $example->body !!}
In Laravel 4, {{ $data }} would echo data as is, whereas {{{ $data }}} would echo data after running it through htmlentities.
However, Laravel 5 has changed it so that {{ $data }} will echo data after running it through htmlentities, and the new syntax {!! $data !!} will echo data as is.
Documentation here.
Related
I'm using laravel 9. I have stored data using summer note in the database, but it shows empty or null when I retrieve data from the database.
here is my code.
{!! Str::of($item->product_description)->limit(40) !!}
Try this
{!! Str::limit($item->product_description,40) !!}
I have a problem to insert a redirect link into a message in a redirect laravel command.
This is what I woould to have:
return redirect('validation')->with('warning','to correct mistake, click here');
and after click on the here, I have to load another page with the url mapped on here.
Something like this, but this solution not work:
return redirect('validation')->with('warning','to correct mistake, click here');
I think you using the this in you view to show the warning.
{{ session('warning') }}
You need to use these brackets in your view to show the warning and to allow the html to be processed by the browser.
{!! session('warning') !!}
These brackets {{ }} escape html tags and will render html as plain text to prevent XSS attacks.
If you want to inject html from the backend you must use {!! $html !!} which will render the html as html.
You can checkout the Displaying Date -- Laravel Docs for a better explanation.
I was digging through laravel and I went through how the blade views are interpreted and what I came across was that:
This:
{{ $tenant->name }}
Translates to this:
<?php echo e($tenant->name); ?>
I don't understand what the e() method is for? I could not find it on the php.net too so I am guessing it is a part of laravel 5 itself. But what does it do?
from the docs:
e()
The e function runs htmlentities over the given string:
echo e('<html>foo</html>');
// <html>foo</html>
http://laravel.com/docs/5.1/helpers#method-e
say your going to print some data from the database on a web page, or going to put in to the database as a input like,
{{ $tenant->name }}
and think value of $tenant->name is something like
<script>
alert("Errors....");
</script>
after rendering this in the browser you will get an alert. This is an security issue so we need to avoid from rendering those content and we don't need these kind of data in out database.
so we need to sanitize those data
to do that laravel provides some options
HTML::entities($tenant->name);
and e() is and helper function to HTML::entities
and you can get the same behavior by using
e($tenant->name);
if $tenant->name is <script>alert("Errors....");</script> then after applying to e() you will get something below,
"<script>
alert("Errors....");
</script>"
this is no longer process as a script
here is a good recipe
OR there is a easy way to do this
use triple curly braces {{{ }}} instead of double braces {{ }} this will also sanitize the content.
I have a variable $title that I want to save in the database.
I need to display it with its value on the page using Laravel5.
my code is:
{!! $article->title !!}
that gives me the following data on the page : $title , instead I want to see the value of the variable.
I will appreciate any help.
to output it on blade:
{{ $article->title }}
Are you sure that you have the right value in the database? Because {!! $article->title !!} don't make much more than convert it into
<?php echo $article->title ?>
so if you get $title as output, my assumption is that you store that in some way as value to the db.
you also can execute normal php in blade, so try to
<?php var_dump($article)?>
or
<?php var_dump($article->title)?>
to check what you really receive.
Output in laravel 5 blade:
{{ $article->title }}
I have an "artist" resource, and on the show route page I have a form. I am using Laravel Blade syntax. As part of this form, I am trying to send the page ID to the back end of a Laravel 4 project. I am doing it this way:
{{Form::hidden('artist-id',null, array(
'id' => '{{$artist->id}}',
));}}
However, when using this, the browser throws an error, because it is not rendering the $artist->id variable within the brackets before the outside brackets of the input form.
Is there a way around this or another way to pass back this variable for the resource? Thank you!
So anything inside the blade tags {{ }} is treated as standard PHP. Using further {{ }} inside existing blade tags is just going to throw a big error.
Because anything inside the blade tags is treated as PHP you can simply do the following
{{ Form::hidden('artist-id', null, ['id' => $artist->id]) }}
Although posting that input isn't going to give you the value you want, because the value supplied is null. The id attribute is the html ID given to the html attribute. You need the following to set the value on the input, which will then be posted in with your form data
{{ Form::hidden('artist-id', $artist->id) }}
You don't need to nest your blade call like that, this should work:
{{ Form::hidden('artist-id', null, array('id' => $artist->id)) }}