rendering html code from database

Hi guys

how do I render html code that is stored in database?

for example:

stored in database:

<b>bold text</b>

when got from database and printed to screen:

bold text

Currently that is not happening, what gets printed is actually

<b>bold text</b> where < and > are represtentd as special characters like, using firebug inspector to see the actuall html code for the characters < >

<b>bold<b>

Of corse browser renders that as <b>bold</b> but not like bold

And what is best way to store html data in mysql database? Do I use

text or blob?

Appreicate any input at all or pointers.

When I need to do that I just use "decode" method

"decode() method (available since v1.1.8 ).

Decodes special HTML entities back to the corresponding characters. This is the opposite of encode()."

More about the decode method Class reference - decode

ex:

$data = TableModel::model()->blablabla

echo CHtml::decode($data['collumn'];

The "encode" method encodes special characters into HTML entities. The application charset will be used for encoding.

More about the encode Class reference - encode

echo CHtml::encode($data['collumn'];

Hi I noticed that if I dont use anything just $data->column I get same result as you did with decode. What is the benefit of using decode? Is there some security benefit in using decode since if I get same result without it why call it at all? Anyone who can explain.

You might want to take a look at CHtmlPurifier, it can process your output and you won’t need to CHtml::encode() on the content. This is what I use in my applications.

Here’s a link to the class reference:

http://www.yiiframework.com/doc/api/1.1/CHtmlPurifier

Does the stored HTML need to be really complicated ? If not, maybe nicer solution would be to store markdown formatted text and use CMarkdown for rendering. Storing html could lead to security issue. Anyway, best is to use a "text" data type instead of a a blob.