Presto-X, posted October 22, 2009: Hello everyone, I would like to know what the best practice is for cleaning up and saving mixed text and HTML, like that of a blog post, which is getting submitted via POST from a textarea. And should I be using longblob or longtext as my type, or does it matter? Should I be cleaning up the posted information before submitting it to the database?
Source: https://forums.phpfreaks.com/topic/178639-saving-html-to-mysql-whats-the-best-practice/
Garethp, posted October 22, 2009: I use varchar. And yes, you should, it's easy.
// requires an open mysql_* connection; escapes quotes, backslashes and NUL bytes for the INSERT
$Variabletocleanup = mysql_real_escape_string($Variabletocleanup);
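The following is an added example, not code from the thread. It shows the same goal as the reply above (getting a user-submitted post body into the database without its quotes breaking the statement) done with a PDO prepared statement instead of mysql_real_escape_string(). The table name `posts`, the column name `body`, the function names and the sample post text are all assumptions made for this example; the demo uses an in-memory SQLite database so it runs offline, and assumes the pdo_sqlite extension is loaded.

```php
<?php
// Added example (not from the thread): store a post's raw text with a
// prepared statement so quoting is handled by the driver, not by string escaping.
// Assumptions: PDO with the sqlite driver is available for the offline demo;
// the table name `posts` and the column `body` are invented for illustration.

declare(strict_types=1);

function createSchema(PDO $db): void
{
    // SQLite DDL for the demo. On MySQL you would declare `body` as LONGTEXT;
    // the INSERT/SELECT code below is the same on both.
    $db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY AUTOINCREMENT, body TEXT NOT NULL)');
}

function savePost(PDO $db, string $body): int
{
    // The body is bound as a parameter, so quotes, backslashes and NUL bytes
    // inside it can never change the structure of the statement.
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function loadPost(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['body'];
}

// Demo with an in-memory SQLite database. Swap the DSN for
// 'mysql:host=...;dbname=...' and the save/load functions work unchanged.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);

// Constructed post body containing the characters that break naive concatenation.
$submitted = "It's <b>bold</b>'); DROP TABLE posts; --";
$id = savePost($db, $submitted);

// The text is stored raw, byte for byte; escaping for HTML is a separate
// step that belongs at output time.
echo loadPost($db, $id) === $submitted ? "round-trip ok\n" : "MISMATCH\n";
```

When the DSN points at MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to false so the driver sends a real server-side prepare rather than quoting the values client-side; the binding API you call is identical either way.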
cags, posted October 22, 2009: You will need to be careful, if you plan to allow HTML, that you don't leave yourself open to XSS attacks. One of the main reasons bbcode-style tags are so popular is because it makes life easier when it comes to sanitizing data. Some people remove unwanted tags before entering into the database, whereas I've read a lot of articles recommending doing it before output from the database. The main advantage being, if you decided to allow tags that weren't originally allowed, anybody that already used them will automatically gain the benefit in their past posts. You can use strip_tags along with the second parameter to allow specific tags. Personally I prefer to use htmlentities and bbcode tags for allowed tags.
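An added example, not code from the thread, that puts the two approaches in the reply above side by side: entity-encode the whole post with htmlentities and then translate a small bbcode set into HTML, versus strip_tags with an allow list. It also shows the check a practitioner wants before trusting strip_tags: allowed tags keep their attributes, so an `onmouseover` handler or a `javascript:` href on an allowed `<a>` survives. The function names, the bbcode tag set and the sample posts are assumptions made for this example.

```php
<?php
// Added example (not from the thread): "escape everything, then translate a
// few bbcode tags" next to a check showing why strip_tags() with an allow
// list does not make the allowed HTML tags safe on its own.
// The function names and the bbcode set ([b], [i], [url=]) are assumptions.

declare(strict_types=1);

// Turn untrusted post text into HTML. Every character is entity-encoded first,
// so nothing the user typed is interpreted as markup; only the bbcode
// patterns explicitly translated afterwards become tags.
function renderBbcode(string $text): string
{
    $safe = htmlentities($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Simple inline tags.
    $safe = preg_replace('~\[b\](.*?)\[/b\]~s', '<strong>$1</strong>', $safe);
    $safe = preg_replace('~\[i\](.*?)\[/i\]~s', '<em>$1</em>', $safe);

    // [url=...]label[/url]: only http/https targets become anchors. Anything
    // else (javascript:, data:, vbscript:) is left as visible bbcode text.
    $safe = preg_replace_callback(
        '~\[url=([^\]]+)\](.*?)\[/url\]~s',
        function (array $m): string {
            // $m[1] is still entity-encoded (so it cannot close the href
            // attribute); decode a copy only to validate the scheme.
            $url = html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
            if (!preg_match('~^https?://~i', $url)) {
                return $m[0];
            }
            return '<a href="' . $m[1] . '" rel="nofollow">' . $m[2] . '</a>';
        },
        $safe
    );

    return (string) $safe;
}

// Contrast: strip_tags() with an allow list keeps the allowed tags verbatim,
// attributes included.
function stripTagsAllowList(string $html): string
{
    return strip_tags($html, '<a><b>');
}

// Constructed sample post for the bbcode renderer.
$post = "Hello [b]world[/b] [url=javascript:alert(1)]click[/url] "
      . "[url=https://example.com/?a=1&b=2]ok[/url] <script>alert(1)</script>";
echo renderBbcode($post), "\n";
// The <script> text is shown literally (entity-encoded), the javascript:
// url stays as plain bbcode text, and only the https link becomes an anchor.

// Constructed sample HTML for the strip_tags route.
$markup = '<a href="javascript:alert(1)" onmouseover="alert(2)">hi</a><script>x</script>';
echo stripTagsAllowList($markup), "\n";
// The <script> tags are stripped, but the allowed <a> tag is returned with
// both its javascript: href and its onmouseover handler intact.
```

If you do go the strip_tags route, the output still has to pass through an attribute-aware HTML sanitizer before it is rendered; the entity-encode-then-bbcode approach avoids that step because no user-supplied tag or attribute ever reaches the page.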