Laravel how to save HTML to database and then retrieve it
The {{ }} is the "safe" blade echo; it actually re-encodes things with htmlspecialchars automatically before outputting the data.
Try {!! html_entity_decode($ads->ad1) !!} or something similar. I'm not sure how it's getting stored, so you might have to do different decoding, but the key thing here is to use {!! !!}, which displays the raw, unescaped data.
See https://laravel.com/docs/5.6/blade#displaying-data
Related videos on Youtube
11 : 13
12 : 22
14 : 27
11 : 40
01 : 24
24 : 38
06 : 49
Slaveworx
2001 | Started with HTML and PHP (at age 9) 2005 | Scripting phase (creating websites via OS scripts - phpNuke, phpBB, XMB, e107, Wordpress) 2006 | CSS, Javascript, jQuery 2015 | Ruby, Python 2018 | Advanced PHP, Laravel, JSON 2020 | VueJS
Updated on September 15, 2022Comments
-
Slaveworx over 1 year
This question was already asked, however, I still didn't get anything working properly.
I am trying to create a functionality in my Admin Panel on my Laravel App that allow user to paste ad codes that then will be rendered in specific parts of the laravel app.
I already have my view:
<form action="{{ route('update.ads', $ads->id) }}" method="POST" class="form-horizontal"> {{ csrf_field() }} <div class="form-group"> <label class="control-label col-sm-12" >Ad1 (Interstitial or popup on Homepage)</label> <div class="col-sm-10"> <input type="text" name="ad1" id="ad1" class="form-control" value="{{ $ads->ad1 }}"> </div> </div> <div class="form-group"> <label class="control-label col-sm-12" >Ad2 (Video Page - Banner Desktop)</label> <div class="col-sm-10"> <input type="text" name="ad2" id="ad2" class="form-control" value="{{ $ads->ad2 }}"> </div> </div> <div class="form-group"> <label class="control-label col-sm-12" >Ad3 (Video Page - Banner Mobile)</label> <div class="col-sm-10"> <input type="text" name="ad3" id="ad3" class="form-control" value="{{ $ads->ad3 }}"> </div> </div> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <input type="submit" class="btn btn-info" value="Update" /> </div> </div> </form>I have my controller:
public function updateAds($id, Request $request){ $this->validate($request, [ 'ad1', 'ad2', 'ad3' ]); $adsData = $request->only(["ad1","ad2","ad3"]); $adsData['ad1'] = htmlentities($adsData['ad1']); $adsData['ad2'] = htmlentities($adsData['ad2']); $adsData['ad3'] = htmlentities($adsData['ad3']); Ad::find($id)->update($adsData); Session::flash('success_msg', 'Ads updated successfully!'); return redirect()->route('admin.ads'); }Data is saved, but then when i try to retrieve it on my pages, no matter what code i write, the content will always be text. It is never rendered as code.
Here is what i have tried in terms of output:
{{ addslashes(htmlspecialchars_decode($ads->ad1)) }} {{ htmlspecialchars_decode($ads->ad1) }}Thank you all for your help! Regards, Tiago
-
iamab.in almost 6 yearsreplace{{ }}with{!! !!}. Be very careful when echoing content that is supplied by users of your application. Always use the escaped, double curly brace syntax to prevent XSS attacks when displaying user supplied data. see this -
iamab.in almost 6 yearsDon't ignore the warning. As you are trying to echoing content that is supplied by user there is a big security issue. If a user saves the code as ``env('DB_PASSWORD')` it will show your application's db password when displaying with
{!! !!}. Or they might able to execute sql queries.
-
-
Babak Asadzadeh over 3 yearsthis is not an answer you should better to post that in comment