I am running a CKEditor TextArea WYSIWYG field through htmlspecialchars() and dumping it into a database.
I am then fetching the field from the database and it's outputting HTML to the screen. Any reason why it is outputting the HTML and not actually utilizing the HTML for markup?
CODE FOR THE DATA DUMP:
<?php
if (isset($_POST['submit'])) {
    $ticketBody = htmlspecialchars($_POST['ticketBody']);
    $sql = "INSERT INTO tickets (ticket_text) VALUES(:ticketBody)";
    $stmt = $conn->prepare($sql);
    $stmt->bindParam(':ticketBody', $ticketBody, PDO::PARAM_STR);
    $stmt->execute();
}
LOOPING THROUGH THE DATA:
<?php foreach ($rows as $row) { ?>
    <?php echo $row['ticket_text']; ?>
<?php } ?>
Screencast of Output: http://screencast.com/t/wbUUS3OrW
NOTE: Adding htmlspecialchars_decode to my echo statement works but turns my text white! Which I'm not sure why, either - http://screencast.com/t/JgJMaoCdyuTM
The strip_tags() function doesn't work either.
Use mysqli_real_escape_string instead of htmlspecialchars. This will maintain your HTML code and special chars while your database stays safe. In the next link you can find documentation on this.
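The root cause in the question is that htmlspecialchars() is an output encoder: applied at INSERT time it turns every `<` into `&lt;`, and echoing the stored value later shows the tags as literal text. The two concerns are separate layers. The SQL layer is already handled by the PDO prepared statement with a bound parameter (mysqli_real_escape_string, suggested in the reply above, only escapes a value for a SQL string literal on a mysqli connection and does nothing for the HTML problem). The HTML layer needs a decision at render time: either escape (plain text, what the question does by accident) or, for a rich-text editor whose authors are not fully trusted, store the editor HTML unchanged and run it through an allow-list sanitiser when rendering. The following is an added example, not the asker's or the answerer's code: it reproduces the pipeline against an in-memory SQLite table and shows both render paths. It assumes PHP 7.4+ with the pdo_sqlite and dom extensions; the allowed-tag list, function names and the ticket text are constructed for illustration.

```php
<?php
// Added example (not code from the question or the answer). Assumes PHP >= 7.4
// with pdo_sqlite and dom available. ALLOWED_TAGS, DROP_CONTENT_TAGS and the
// sample editor HTML below are constructed for illustration.
declare(strict_types=1);

const ALLOWED_TAGS = ['p', 'br', 'strong', 'em', 'b', 'i', 'u', 'ul', 'ol', 'li', 'a'];
// Elements whose *content* is also removed rather than unwrapped to text.
const DROP_CONTENT_TAGS = ['script', 'style', 'iframe', 'object', 'embed'];

function openTicketStore(): PDO {
    $conn = new PDO('sqlite::memory:');
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, ticket_text TEXT)');
    return $conn;
}

// Same INSERT shape as the question. The bound parameter is what keeps the SQL
// safe, whatever $ticketBody contains, so the raw editor HTML is stored as-is.
function storeTicket(PDO $conn, string $ticketBody): void {
    $stmt = $conn->prepare('INSERT INTO tickets (ticket_text) VALUES (:ticketBody)');
    $stmt->bindParam(':ticketBody', $ticketBody, PDO::PARAM_STR);
    $stmt->execute();
}

function fetchTickets(PDO $conn): array {
    return $conn->query('SELECT ticket_text FROM tickets')->fetchAll(PDO::FETCH_ASSOC);
}

// Render path 1: what the question's code effectively does. Encoding at output
// time is correct for plain text, but the browser shows the tags literally.
function renderAsText(string $html): string {
    return htmlspecialchars($html, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Render path 2: allow-list sanitiser. Keeps only ALLOWED_TAGS, unwraps other
// elements to their text (or drops them entirely for DROP_CONTENT_TAGS), and
// removes every attribute except an http(s) href on <a>. Inline style and
// on* handler attributes therefore never reach the page.
function renderSanitized(string $html): string {
    $doc = new DOMDocument();
    // The encoding hint keeps non-ASCII text intact; errors are suppressed
    // because editor output is rarely a complete, valid document.
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html,
        LIBXML_HTML_NODEFDTD | LIBXML_NOERROR | LIBXML_NOWARNING);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    cleanChildren($body);
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function cleanChildren(DOMNode $parent): void {
    // Iterate over a snapshot: the live childNodes list changes as we edit it.
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (in_array($tag, DROP_CONTENT_TAGS, true)) {
                $parent->removeChild($child);
                continue;
            }
            cleanChildren($child);
            if (!in_array($tag, ALLOWED_TAGS, true)) {
                // Unwrap: hoist the children, then drop the element itself.
                while ($child->firstChild !== null) {
                    $parent->insertBefore($child->firstChild, $child);
                }
                $parent->removeChild($child);
                continue;
            }
            foreach (iterator_to_array($child->attributes) as $attr) {
                $keep = $tag === 'a' && $attr->name === 'href'
                    && preg_match('#^https?://#i', $attr->value) === 1;
                if (!$keep) {
                    $child->removeAttribute($attr->name);
                }
            }
        } elseif (!($child instanceof DOMText)) {
            $parent->removeChild($child); // comments, processing instructions
        }
    }
}

// Constructed sample: markup a rich-text editor would emit, plus an inline
// style, an event-handler attribute and a script block that must not survive.
$editorHtml = '<p style="color:#fff">Hello <strong>world</strong></p>'
    . '<script>alert("x")</script><a href="https://example.com" onclick="x()">link</a>';

$conn = openTicketStore();
storeTicket($conn, $editorHtml);
foreach (fetchTickets($conn) as $row) {
    echo "As text:   ", renderAsText($row['ticket_text']), PHP_EOL;
    echo "Sanitised: ", renderSanitized($row['ticket_text']), PHP_EOL;
    // Expected sanitised output: <p>Hello <strong>world</strong></p><a href="https://example.com">link</a>
}
```

Run it with `php example.php`. The "As text" line is the symptom from the question (visible `&lt;p&gt;` markup); the "Sanitised" line keeps the formatting the editor produced while the style attribute, the onclick handler and the script block are gone. Note that strip_tags() with a second argument is not a substitute: it leaves attributes on the tags it allows, so a DOM-based pass like the one above (or a maintained library such as HTML Purifier) is the usual choice.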