Outputting html source back to .php page from field in MySQL database

[adrian28uk]

I have found a script that allows me to enter rich text via wysiwyg  editor on my site. It works great and inserts the html code to the field [ descripton ] in my database.

 

I am now scratching my head on how I convert this back to my webpage for a preview.

When I output this back to my page it showing me the html code only. the

 

< becomes <

 

" becomes "

 

And so on.

 

I need it to output and convert the html code so it shows the preview

 

Hope you can make some sense of thos.

[pocobueno1388]

Take a look at the html_entity_decode() function.

[adrian28uk]

That works a treat. Bloody hell I have messing around with this for about 2 hours looking for a function. Thank you very much.

 

[discomatt]

Be VERY careful with HTML input from untrusted sources. People can throw any data they want into a POST request, including dangerous javascript... if this is outputted to the end user at any point, an XXS attack can be easily performed.

[adrian28uk]

Then I suppose we need something that looks for a javascript tag?

[discomatt]

Here's a GREAT script that cleans XSS attacks for you

 

http://htmlpurifier.org/

[pocobueno1388]

Here's a GREAT script that cleans XSS attacks for you

 

http://htmlpurifier.org/

 

I second that. I've used the htmlpurifier class, and it works great.

[adrian28uk]

Brilliant. Thank you all for your help.