7

I'm stuck with trying to figure out how to display html tags inside of a mysql table. I've tried using addslashes, mysql_real_escape_string, as well as stripslashes to view the tags properly. Everytime I view the data through the browser, it shows the text of the html. Example:

I have this in a mysql database table:

<strong>Test</strong>

It should display as this when viewed on a webpage: Test

But instead, it displays <strong>Test</strong>

My PHP code to view the content is:

<?php

require_once("inc.php"); //This includes the configuration for mysql database

?>
<html>
  <head>
  </head>
  <body>
    <p>
<?php

$conn = mysql_connect(HOST,USER,PASS) or die(mysql_error());
        mysql_select_db(NAME) or die(mysql_error());

$sql = "SELECT * FROM events";
$query = mysql_query($sql);

while($row = mysql_fetch_assoc($query)){
  echo(stripslashes($row['details'])); //The details is what contains the <strong>Test</strong>
}

mysql_close($conn) or die(mysql_error());

?>
    </p>
  </body>
</html>
Improve this question
3
  • What code are you using to display the data? Also, based on your question, you should probably add PHP as a tag. Commented Mar 1, 2013 at 8:06
  • 1
    Most likely the framework you use does automatic output escaping to prevent xss attacks. In all the frameworks I know there is an easy way to output a string without escaping. You should add the name of your framework to the question. Commented Mar 1, 2013 at 8:08
  • I'm using PHP to display the data. Commented Mar 1, 2013 at 8:11

1 Answer 1

Reset to default
47

Use htmlspecialchars_decode

Replace the following line

  echo(stripslashes($row['details'])); //The details is what contains the <strong>Test</strong>

With

  echo htmlspecialchars_decode(stripslashes($row['details'])); //The details is what contains the <strong>Test</strong>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This is working! why not accepted this answer. Really helpful.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.