I have a login system that gives users the ability to have profiles.
But I noticed if I update my Bio with </div> </div> </div>
it is read and will break the page. Using PHP inside the bio also is working. I know there is a way to make it pull as text only, and not as active php, but I am forgetting the Class/Div settings to do so.
I know I am probably missing something obvious, I assume it's something along the lines of
<li><strong> Bio: </strong> **<plaintext>**<?php echo $row['bio']; ?>**</plaintext>**</li>
Answer
When displaying database results, it's recommended to convert all HTML tags to their special entities.
In PHP, you can use either
1.) htmlspecialchars()
2.) htmlentities()
For instance
$string = "<b>hello</b>"; echo htmlentities($string);
If you are running an XAMPP server, you will need to implement htmlentities twice; I do not know whether that is a bug with PHP
something like
echo htmlentities(htmlentities($string));
In a nutshell, you can use
strip_tags()
to strip all HTML out of a variable during data insertion and updates as it comes from form inputs, and use htmlspecialchars or htmlentities
when displaying database results to the user
so in your own case this will do
<?php echo htmlentities(htmlentities($row['bio'])); ?>
or
<?php echo htmlentities($row['bio']); ?>
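
What escaping once, escaping twice and strip_tags() each do to the bio field, as an added example that is not part of the original answer. The helper name e() and the sample row are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape a value for an HTML text node or a quoted attribute.
function e(?string $value): string
{
    // ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample row standing in for the database result.
$row = ['bio' => '</div> </div> </div><?php echo "hi"; ?> <b>Tom & "Jerry"</b>'];

$once  = e($row['bio']);
$twice = e($once);

// Escaped once: < > & and quotes become entities, so the browser renders the
// bio, including the closing div tags and the PHP snippet, as visible text.
echo "<li><strong>Bio:</strong> {$once}</li>\n";

// Escaped twice: the & of every entity is escaped again, so the page shows
// the entity names themselves instead of the characters the user typed.
echo "<li><strong>Bio (escaped twice):</strong> {$twice}</li>\n";

// Escaping is lossless: decoding the single-escaped value returns the stored bio.
var_dump(htmlspecialchars_decode($once, ENT_QUOTES) === $row['bio']);

// strip_tags() deletes tags instead of escaping them, so it alters the stored
// text, and it leaves & and quotes untouched, so output still needs e().
var_dump(strip_tags($row['bio']));
```

Run it with the PHP CLI and view the output both as raw text and in a browser to compare the once-escaped and twice-escaped lines.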