Parsing html code from MySQL text field

[kid A]

I'm looking for the magical code that lets you display for example links as links and not html tags when taken from a text field in a database in much the same way as it's done here on vBulletin and other forums like PhpBB.

I've found a few leads but nothing concrete as yet. I'm guessing strstr and the like are useful functions in this case?

[Grizzly]

If you store the raw string content of HTML in a database, and then read it, and spit it out for the browser it'll be rendered all the same. I think what you're wanting to figure out is how to auto-hyperlink URLs that don't have <a> tags around them right?

Download the latest version of phpBB, and check out their function library, they have some pretty slick regular expressions they wrote to do just that. (uses preg_replace() I believe)

[kid A]

Yes that is indeed a function that I have been looking at, however I can only find calls to it and not actually the function itself, no matter how much I searched!

I understand what goes into it and what comes out, but without the function I'm pretty much stuck!

As for rendering <a> tags and the like, I was pretty sure they were NOT actually shown as hyperlinks ??

I thought I had tried this, but perhaps stripslashes or htmlspecialchars functions make it impossible? *heads off to test*

[kid A]

Nope. All it displays is the raw code:

Dette er årets album!Med Happy Songs har Mogwai levert sitt hittil mest gjennomførte produkt. Her er de stillferdige skottene på god vei til å nå ut til de store massene, skjønt her til lands har de en overraskende stor tilhengerskare. Mye takket deres hyppige opptrendener. <a href=/index.php>Dette er en test</a>

I use the following code to display the above (a text field in my database):

PHP Code:

require($Unix_path ."xiocms/db.inc.php");
    $query = "select * from data";
    $result = mysql_query($query);
    $num_res = mysql_num_rows($result);
    for ($i=0; $i<$num_res; $i++) {
        $row = mysql_fetch_array($result);
        $ingress = htmlspecialchars(stripslashes($row["ingress"]));
        echo $ingress; 


What am I doing wrong? Or do you now understand what I'm after?

[Grizzly]

If you viewed the source of the resulting document you would see that htmlspcialchars() is converting your open and close tags to their "html-entity" equivelants.

htmlspecialchars() is commonly used to protect against people entering abusive HTML and/or JS into dynamic content. It literally escapes the characters that have special meaning to your browser, so the browser won't render it as hyper-text mark up.

If you're not worried about people entering abusive content into your site (an <iframe> to a porn site or a nasty pop-up ad or something), than by all means remove the htmlspecialchars() function-call, and you can enter HTML 'till the cows come home.

If however, you're worried about people entering abusive content, there are number of different ways you can approach protecting your site against it. Let me know if this is the case and we can discuss those options further, and yeah - I have that function for you if you decide you want to take that route. But if you're simply letting raw HTML through, than you'll find no need for that function.

[kid A]

Ah! Seems I was onto something with the htmlspecialchars... A little research wouldnt have hurt I suppose, but the book is so thick...

I actually don't need to be protected against abusive content being entered as it is only site admins that will have access to the script. But I might come back later as I've also planned to create a custom user forum and comments sections.

Once again though, thanks for the brilliant expertise *bows*