The recordset has built in Cross Site Scripting protection that prevents html and script from running from the database. To override that you just have to change your display code from:
$Recordset->getColumnVal("column");
to:
$Recordset->getColumnVal("column", false);
Adding the additional 'false" argument will tell it to bypass the protection and allow html and script to be displayed from the database column.