Spring Posted February 6, 2012

So, if I want to store something like: Hello<br /> <b>This is a sentence </b> I would need to use htmlentities so I could output the HTML after it's stored in the database safely?
Psycho Posted February 6, 2012

Typically, you want to store the data in its original format. Then, translate the data at the time you are going to output it. Here are a couple of reasons why this is a better approach, IMO:

1. If you run the input through htmlentities(), or any other translation, you will expand the size of the content. This can cause problems when you are trying to define the size of your database fields. E.g. if you have a field that you only want to allow the user to enter 20 characters into, you will have to make the database field much larger to accommodate the content after it is run through htmlentities(). It would be uncommon for a user to enter A LOT of characters that would need to be converted. But how many do you account for? To cover the absolute worst-case scenario you would have to make the DB field at least 120 characters!

2. If you ever want to output the data into something other than an HTML page you will have to try and reverse the process of htmlentities(). By keeping the content in its original form you can easily translate the content for any output type you need.
Spring (Author) Posted February 6, 2012

Okay, well storing it in its original format is fine, but should I output it with that function? Or keep it output normally as well? I just want to make sure it's safe.
Psycho Posted February 6, 2012

> Okay, well storing it in its original format is fine, but should I output it with that function? Or keep it output normally as well? I just want to make sure it's safe.

Generally, you would want to use htmlentities() on any user-supplied content when using that content in the HTML markup of a page. However, there are limitless scenarios and that is not the correct process for all of them. It is your job to determine what, if anything, needs to be done - and do it.
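The approach the replies describe, as an added example that is not from the thread: the raw text goes into the database, the 20-character limit is enforced on the raw value, and escaping happens only at the point where the value is placed into HTML, so the same stored string can also be emitted as plain text or JSON without undoing anything. The `comments` table, `body` column and PDO connection are assumptions for illustration.

```php
<?php
// Added example (not from the thread). Table/column names and the PDO
// connection are assumptions for illustration.

// Escape for an HTML text node or a double-quoted attribute value.
// ENT_QUOTES also converts ' and ", ENT_SUBSTITUTE avoids silent empty
// output on invalid UTF-8, and the charset is stated explicitly.
function h(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The length rule applies to what the user typed, not to the escaped form,
// so the column only ever has to hold $max characters.
function fitsField(string $raw, int $max): bool
{
    return mb_strlen($raw, 'UTF-8') <= $max;
}

// Store the content exactly as entered; the bound parameter handles SQL quoting.
function saveComment(PDO $db, string $raw): void
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $raw]);
}

// One stored value, three output contexts, no reverse translation needed.
function renderComment(string $raw): array
{
    return [
        'html' => '<p>' . h($raw) . '</p>',
        'text' => $raw,                                   // e.g. a plain-text e-mail
        'json' => json_encode($raw, JSON_THROW_ON_ERROR), // JSON has its own escaping
    ];
}

// Constructed input from the first post.
$input = 'Hello<br /> <b>This is a sentence </b>';
var_dump(fitsField($input, 20));
print_r(renderComment($input));

// Worst case behind the "120 characters" figure: a 20-character value made
// entirely of double quotes grows six-fold once each " becomes &quot;.
$worst = str_repeat('"', 20);
printf("raw: %d chars, escaped: %d chars\n", strlen($worst), strlen(h($worst)));
```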