
Typically, you want to store the data in its original format. Then, translate the data at the time you are going to output it.

 

Here are a couple of reasons why this is a better approach, IMO:

 

1. If you run the input through htmlentities(), or any other translation, you will expand the size of the content. This can cause problems when you are trying to define the size of your database fields. E.g. if you have a field that you only want to allow the user to enter 20 characters you will have to make the database field much larger to accommodate the content after it is run through htmlentities(). It would be uncommon for a user to enter A LOT of characters that would need to be converted. But, how many do you account for? To cover the absolute worst case scenario you would have to make the DB field at least 120 characters!

 

2. If you ever want to output the data into something other than an HTML page you will have to try and reverse the process of htmlentities(). By keeping the content in its original form you can easily translate the content for any output type you need.

Okay, well storing it in its original format is fine, but should I output it with that function? Or keep outputting it normally as well? I just want to make sure it's safe.

 

Generally, you would want to use htmlentities() on any user supplied content when using that content in the HTML markup of a page. However, there are limitless scenarios and that is not the correct process for all of them. That is your job to determine what, if anything, needs to be done - and do it.
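The following is an added example, not code posted in this thread, showing the pattern described in the two replies above: validate and store the user's text as typed, then encode it for each output context when it is rendered. The in-memory SQLite database and the `comments` table are assumptions so the script runs stand-alone; the sample inputs are constructed. For the HTML contexts it uses htmlspecialchars() rather than htmlentities(), which encodes the same dangerous characters (&, <, >, quotes) without converting every non-ASCII character into an entity; htmlentities() is still called once to show the size growth the first reply warns about.

```php
<?php
declare(strict_types=1);

// Added example: store user input raw, encode at output time per context.
// Requires the pdo_sqlite and mbstring extensions.

const MAX_COMMENT_CHARS = 20; // limit applies to what the user typed, not the escaped form

function isAcceptableLength(string $raw): bool
{
    return mb_strlen($raw, 'UTF-8') <= MAX_COMMENT_CHARS;
}

function openStore(): PDO
{
    // In-memory SQLite so the example runs offline; the table is hypothetical.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

function storeRaw(PDO $pdo, string $raw): void
{
    // Prepared statement: the raw text is bound as data, never spliced into SQL.
    // No HTML escaping happens here.
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $raw]);
}

function fetchRaw(PDO $pdo): array
{
    return $pdo->query('SELECT body FROM comments ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
}

// Output encoders, one per context. The same stored value feeds all of them.
function toHtmlText(string $raw): string
{
    // Also correct inside a double-quoted attribute value thanks to ENT_QUOTES.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function toJson(string $raw): string
{
    // JSON escaping, not HTML entities; the JSON_HEX_* flags make the result
    // safe to embed inside a <script> block as well.
    return json_encode(
        $raw,
        JSON_THROW_ON_ERROR | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

// Constructed sample input with characters that htmlentities() expands.
$inputs = [
    'Tom & "Jerry" <3',                 // 16 characters, within the limit
    '<script>alert(1)</script> & more', // 32 characters, rejected before storage
];

$pdo = openStore();
foreach ($inputs as $raw) {
    if (!isAcceptableLength($raw)) {
        printf("rejected: %d chars exceeds %d\n", mb_strlen($raw, 'UTF-8'), MAX_COMMENT_CHARS);
        continue;
    }
    storeRaw($pdo, $raw);
}

foreach (fetchRaw($pdo) as $raw) {
    // Point 1 from the first reply: the escaped form is longer than what was stored,
    // so a length limit checked after escaping would need a much wider column.
    $expanded = htmlentities($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    printf("stored %d chars; htmlentities() output is %d bytes\n",
        mb_strlen($raw, 'UTF-8'), strlen($expanded));

    // Point 2: one stored value, a different encoding for each output.
    echo '<p>' . toHtmlText($raw) . "</p>\n";
    echo '<input type="text" value="' . toHtmlText($raw) . "\">\n";
    echo '<script>var comment = ' . toJson($raw) . ";</script>\n";
}
```

Run it with `php example.php`. The point to take from it is that the length check and the database column both work on the text as typed, while the choice of encoder is made only where the value is written out: HTML text and attribute values get htmlspecialchars() with ENT_QUOTES and an explicit charset, a JavaScript or API consumer gets json_encode(), and a plain-text e-mail or CSV export would take the stored string with no HTML encoding at all. Encoding before storage would have forced every one of those outputs to undo the HTML entities first.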
