Data not displaying in HTML format retrieved from database using PHP

Question

I am having an issue where I am having a user enter information into a textarea and and having that information stored in a mysql database. The user is allowed to insert HTML into the textarea such as:

<ul>
  <li>Test</li>
</ul>

However, I am having trouble seeing why the data that is being retrieved from the database to display the data the user has entered, is not showing the correct HTML format the user requested.

This is what I have: Displaying the information:

<?php
function display ($result) {
  if (mysql_num_rows($result) > 0) {
    echo "<form action='scripts/submit.php' method='post'>";
      echo "<input type='submit' name='post' value='Post'/>";
      echo " | ";
      echo "<label for='searchDate'>Search Archives By Date:</label>";
      echo "<input type='text' name='searchDate'>";
      echo "<input type='submit' name='submitDate' value='Search'/>";
      echo " | ";
      echo "<label for='searchTicket'>Search Archives By Ticket:</label>";
      echo "<input type='text' name='searchTicket'/>";
      echo "<input type='submit' name='submitTicket' value='Search'/>";
      echo "<hr/>";
    echo "</form>";
    echo "<table border='1' id='resultTable'>";
      while($row = mysql_fetch_assoc($result)) {
      $replace = str_replace ("\n","<br/>",$row['content']);
      echo "<tr>";
        echo "<td><span id='boldText'>Entry By:</span> ".$row['user']." | <span id='boldText'>Description:</span> ".$row['description']." | <span id='boldText'>Entry Date:</span> ".$row['date']."</td>";
      echo "</tr>";
      echo "<tr>";
        echo "<td>";
            echo "<p>".$replace."</p>";
        echo "</td>";
      echo "</tr>";
      echo "<tr>";
        echo "<td>";
          echo "<form action='scripts/submit.php' method='post'>";
            echo "<input type='hidden' name='count' value='$row[count]'/>";
            echo "<input type='submit' name='edit' value='Edit'/>";
            echo "<input type='submit' name='delete' value='Delete'/>";
          echo "</form>";
        echo "</td>";
      echo "</tr>";
          }
          echo "</table>";
      }
      else {
        echo "<h3 id='noResults'>Nothing has been posted yet.  Click 'Post' to add something to the whiteboard.</h3>";
        echo "<form action='scripts/submit.php' method='post'>";
          echo "<input type='submit' name='post' value='Post'/>";
        echo "</form>";
      }
}

?>

Add Post Logic:

if(isset($_POST['add_post'])) {
$content = mysql_real_escape_string($_POST['content']);
$description = mysql_real_escape_string($_POST['desc']);

  $query = "INSERT INTO $table_name (user, description, content)
            VALUES ('$_SESSION[logged_in]','$description', '$content')";
  $result = mysql_query($query);
  session_write_close();
  header('Location: ../whiteboard.php');
}

For some reason the example above will not work, but this will:

<p style="font-weight: 900;">Test</p>

Answer 1

尝试解析，然后使用htmlentities（）或nl2br（）插入数据库，并在取回时进行相反的操作。

Answer 2

If you're viewing the database entries in a browser, you're going to see the result of the formatted HTML, not the actual markup - use htmlentities($result) if that's what you are after.

View the page source to see what is being retrieved and see how it differs from what you expect to see.