Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
HTML text from database not displaying correctly?
#1
If you've upgraded to mySQLi and you find that HTML text is displaying the HTML code as well as the text, all you need to do is update the PHP code as in the following example:

Old code:

PHP Code:
<?php echo($recordset->getColumnVal("textcolumn")); ?>

New code:

PHP Code:
<?php echo($recordset->getColumnVal("textcolumn",false)); ?>
Reply
#2
Also related:
in rsobj.php

Global change
$this->CrossSiteProtect = true;

to:
$this->CrossSiteProtect = false;

https://www.webassist.com/forums/posts.php?id=41870
Reply
#3
(08-31-2024, 09:34 PM)bizpatĀ (Patrice) Wrote: Also related:
in rsobj.php

Global change
$this->CrossSiteProtect = true;

to:
$this->CrossSiteProtect = false;

https://www.webassist.com/forums/posts.php?id=41870

I think there may be a security issue with applying this globally? I'm sure I saw in a previous thread that it wasn't advisable and better to only apply to specific text areas.
Reply
#4
Understood. Ray advised if only on admin, it is ok to use global...

"If it is only administrators that can insert and update database content, then it is probably safe to just turn off the Cross Site Scripting protection in the rsobj.php file. You would just have to be conscious to always update that line if you ever updated the rsobj.php file in future updates."

So, yes Mags is correct but there is an exception if on my sites, I only allow admins to make edits.

Thanks Mags as always!
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)