zhangy Posted February 1, 2009 Share Posted February 1, 2009 Hello, I am have some HTML information that has been submitted to a database. I would like it to display properly after selecting it. Can someone tell me how this can be done? What I've tried so far hasn't worked. Is there a way to specify that it is HTML code? If so when to do so? When its being submitted to the database? When its being selected? I don't know how to do this. ??? Any help will be greatly appreciated on this one. Link to comment https://forums.phpfreaks.com/topic/143355-solved-display-html/ Share on other sites More sharing options...
Snart Posted February 1, 2009 Share Posted February 1, 2009 If this HTML is not shown properly, most likely the tags were stripped or the <> were replaced with their < > counterparts. I'm assuming you're retrieving the code from the database and then echo it to the screen. Could you copy/paste the echoed code here (and copy it from the "view source code" screen in your browser so we can see all special characters)? Link to comment https://forums.phpfreaks.com/topic/143355-solved-display-html/#findComment-751868 Share on other sites More sharing options...
zhangy Posted February 1, 2009 Author Share Posted February 1, 2009 OK I didn't notice this earlier but apparently its not even being submitted to the database. <?php function check_input($data, $problem='') { $data = mysql_real_escape_string(trim(strip_tags(htmlspecialchars($data)))); if ($problem && strlen($data) == 0) { show_error($problem); } return $data; } function show_error($myError) { ?> <html> <body> <b>Please correct the following error:</b><br /> <?php echo $myError; ?> </body> </html> <?php exit(); } if ( isset($_POST['submit']) ) { require_once('Load.php'); $connect = mysql_connect($db_host, $db_user, $db_pwd); mysql_select_db($database); $country = check_input($_POST['country'], "Please choose a country."); $compname = check_input($_POST['companyname'], "Please enter your company's name."); $email = htmlspecialchars($_POST['email']); if (! preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email) ) { show_error('E-mail address not valid.'); } $subject = check_input($_POST['subject'], "Please enter a subject."); $message = mysql_real_escape_string($_POST['message'], "Please enter your advertisement."); $ip = $_SERVER['REMOTE_ADDR']; $insert = mysql_query("INSERT INTO $table (col_1, col_2, col_3, col_4, col_5, submission_date, ip_address) VALUES ('$country', '$compname', '$email', '$subject', '$message', ".time().", '$ip')"); } header('Location: ../advertThanks.php'); exit(); ?> Everything but the $message shows up in the database. Could mysql_real_escape_string() be interfering somehow? Link to comment https://forums.phpfreaks.com/topic/143355-solved-display-html/#findComment-751874 Share on other sites More sharing options...
Snart Posted February 1, 2009 Share Posted February 1, 2009 AFAIK, that doesn't strip HTML tags, it just escapes some characters. However, htmlspecialchars() does replace < and > by < and > htmlspecialchars() is actually meant to make sure HTML code is NOT displayed as HTML. Link to comment https://forums.phpfreaks.com/topic/143355-solved-display-html/#findComment-751876 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.