1

I'm trying to develop a simple PHP page that allow me to print some data in a database. The problem is that some data aren't "clean", i think that in the data there are some html tag (i suppose).

An example of data is the following:

%3Ch1%3E%3Cspan+style%3D%22color%3A+rgb%280%2C+0%2C+51%29%3B%22%3EDirettore+Artistico%3C%2Fspan%3E%3C%2Fh1%3E

To solve my problem i tried this:

<?php
 $result = mysql_query("SELECT text FROM mutable WHERE (id_obj = 1)");
 while($row = mysql_fetch_array($result)){  
 echo "<p>" . html_entity_decode($row['text']) . "</p>";  
}

This solution don't work, i don't know if is important but the charset of my db is : latin1_swedish_ci

  • 2
    How are you receiving this data? It looks urlencoded. – Halcyon Mar 09 '16 at 12:20
  • This data are store in a database, i have no idea about how is store. I must parse this data and recover the text without any tag. These data have been created with a kind of editor type that used by cms –  Mar 09 '16 at 12:25
  • Please stop using the `mysql` extension for php - it's [deprecated](http://php.net/manual/en/function.mysql-connect.php). Use `PDO` or `mysqli` instead. – Dezza Mar 09 '16 at 12:30

3 Answers3

3

its urlencoded html

Check this: urlencode($userinput) outputs:

%3Ch1%3E%3Cspan+style%3D%22color%3A+rgb%280%2C+0%2C+51%29%3B%22%3EDirettore+Artistico%3C%2Fspan%3E%3C%2Fh1%3E

And this: urldecode($userinput) outputs:

<h1><span style="color: rgb(0, 0, 51);">Direttore Artistico</span></h1>

EDIT:

From your question:

<?php
 $result = mysql_query("SELECT text FROM mutable WHERE (id_obj = 1)");
 while($row = mysql_fetch_array($result)){  
 echo "<p>" . html_entity_decode($row['text']) . "</p>";  
}

DO NOT use mysql_* functions. Use PDO instead.

Why shouldn't I use mysql_* functions in PHP?

Community
  • 1
  • 1
2

If you don't know how this data is produced it's impossible to know what transformations to do to get the original. It looks like the data is urlencoded, that's easy enough to reverse with urldecode.

If you want the HTML to be interpretted you can do:

echo '<p>' . urldecode($row["text"]) . '</p>';
// result:
<p><h1><span style="color: rgb(0, 0, 51);">Direttore Artistico</span></h1></p>

If you want the HTML to show as it's plaintext you need to encode it:

echo '<p>' . htmlspecialchars(htmlenturldecode($row["text"])) . '</p>';
// result:
<p>&lt;h1&gt;&lt;span style=&quot;color: rgb(0, 0, 51);&quot;&gt;Direttore Artistico&lt;/span&gt;&lt;/h1&gt;</p>
Halcyon
  • 57,230
  • 10
  • 89
  • 128
-2

strong text 

$string= "%3Ch1%3E%3Cspan+style%3D%22color%3A+rgb%280%2C+0%2C+51%29%3B%22%3EDirettore+Artistico%3C%2Fspan%3E%3C%2Fh1%3E";
echo urldecode($string);

?>

maxhb
  • 8,554
  • 9
  • 29
  • 53
prem bhadouriya
  • 20
  • 3