1

I have a function that fetches one or multiple rows from a database and, in PHP, goes through a series of foreach loops to make a table body from it, like so:

    function buildTableRowsByPCS($connection, $numbers) {
        $body = NULL;

        foreach($numbers as $number) {
            $rows = getRowFromPCS($connection, $number);
            $body .= '<tr>';
            foreach($rows as $row) {
                if(is_array($row)) {
                    $body .= '<td>';
                    foreach($row as $r) {
                        $body .= $r.'<br>';
                    }
                    $body .= '</td>';
                } else {
                    $body .= '<td>'.$row.'</td>';
                }
            }
            $body .= '</tr>';
        }
        return $body;
    }

It is working fine, but sometimes one of the columns has a cell of data that seems to be disturbing the HTML, whether it be a "/" or "<" or ">" etc., which results in me getting a mismatch error in my datatable. Is there any way, whether in PHP or SQL, to treat the data gotten as purely text and treat the characters in it as nothing to do with HTML etc.?

BranOIE
  • This is the same answer as how to prevent XSS injections because it is the same concept. A forward slash should not affect anything. – user3783243 Jan 29 '21 at 11:37
  • Does this answer your question? [How to prevent XSS with HTML/PHP?](https://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php) – user3783243 Jan 29 '21 at 11:37

1 Answer

0

You can apply htmlspecialchars() or htmlentities() to the value before you output it; that will convert all applicable characters to HTML entities, for instance > will become &gt;.

KIKO Software
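The answer's suggestion applied to the function from the question, as an added example that is not the asker's or the answerer's code. The helper `escapeHtml()` and the stubbed `getRowFromPCS()` with its sample rows are constructed here so the script runs without a database; UTF-8 data is assumed.

```php
<?php
// Hypothetical stand-in for the question's getRowFromPCS(): returns constructed
// sample rows, including values that would otherwise break the table markup.
function getRowFromPCS($connection, $number): array
{
    $sample = [
        101 => ['PCS-101', 'size < 5 / lot > 2', ['a & b', '</td><td>stray cell']],
        102 => ['PCS-102', null, ['"quoted"', "it's"]],
    ];
    return $sample[$number] ?? [];
}

// Hypothetical helper: escape one database value for use as HTML text content.
function escapeHtml($value): string
{
    // The (string) cast turns NULL into '' (passing null is deprecated since PHP 8.1).
    // ENT_QUOTES also escapes single quotes; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of making the whole result an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function buildTableRowsByPCS($connection, array $numbers): string
{
    $body = '';
    foreach ($numbers as $number) {
        $body .= '<tr>';
        foreach (getRowFromPCS($connection, $number) as $cell) {
            if (is_array($cell)) {
                $body .= '<td>';
                foreach ($cell as $item) {
                    // Escape the data only; the <br> is markup we add ourselves.
                    $body .= escapeHtml($item) . '<br>';
                }
                $body .= '</td>';
            } else {
                $body .= '<td>' . escapeHtml($cell) . '</td>';
            }
        }
        $body .= '</tr>';
    }
    return $body;
}

// Every row keeps exactly three <td> cells, whatever characters the data contains.
echo buildTableRowsByPCS(null, [101, 102]), PHP_EOL;
```

Escaping is done at output time, so the database keeps the original text and the same values can still be used unescaped in non-HTML contexts.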