php - HTML Output from DB Issue -
i running ckeditor textarea wysiwyg field through htmlspecialchars()
, dumping database.
i fetching field in database , it's outputting html screen. reason why outputting html , not utilizing html markup?
code data dump:
if (isset($_post['submit'])) { $ticketbody = htmlspecialchars($_post['ticketbody']); $sql = "insert tickets (ticket_text) values(:ticketbody)"; $stmt = $conn->prepare($sql); $stmt->bindparam(':ticketbody', $ticketbody, pdo::param_str); $stmt->execute(); }
looping through data
foreach ($rows $row) { <?php echo $row['ticket_text']; ?> }
screencast of output: http://screencast.com/t/wbuus3orw
note: adding htmlspecialchars_decode
echo
statement works turns text white! i'm not sure why, either - http://screencast.com/t/jgjmaocdyutm
strip_tags()
function doesn't work either.
use mysqli_real_scape_string instead of html_special_chars maintain html code anda specials chars while database keep safe, in next link can found documentation if this.
Comments
Post a Comment