Best practice. Do I save html tags in DB or store the html entity value?

Posted by Matt on Stack Overflow See other posts from Stack Overflow or by Matt
Published on 2010-05-05T22:43:40Z Indexed on 2010/05/05 23:38 UTC
Read the original article Hit count: 291

Filed under:

php

|

html-entities

|

xss

|

encoding

Hi Guys,

I was wondering about which way i should do the following. I am using the tiny MCE wysiwyg editor which formats the users data with the right html tags. Now, i need to save this data entered into the editor into a database table.

Should I encode the html tags to their corresponding entities when inserting into the DB, then when i get the data back from the table, not have the encode it for XSS purposes but I'd still have to use eval for the html tags to format the text.

OR

Do i save the html tags into the database, then when i get the data back from the database encode the html tags to their entities, but then as the tags will appear to the user, I'd have to use the eval function to actually format the data as it was entered.

My thoughts are with the first option, I just wondered on what you guys thought.

© Stack Overflow or respective owner

Related posts about php

Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

as seen on Server Fault - Search for 'Server Fault'
I have been trying to resolve my issue of spiking cpu caused by php-fpm processes. I've reduced the php-fpm config settings to: pm = ondemand pm.max_children = 12 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 php_admin_value[memory_limit] = 128M Problem… >>> More
PHP Pear Installation on CentOS

as seen on Server Fault - Search for 'Server Fault'
[root@ip ~]# yum install php-pear* Reducing CentOS-5 Testing to included packages only Finished Setting up Install Process Package 1:php-pear-1.8.1-2.el5.centos.noarch already installed and latest versio … >>> More
Apache configurations for php "AddType text/html php" or "AddType application/x-httpd-php php .php"

as seen on Server Fault - Search for 'Server Fault'
I am taking over an application server and discover that it contain the following settings: AddType text/html php Although it works, but my understanding is that it should set as following: AddType application/x-httpd-php php .php What are the key differences between the two settings?… >>> More
mod_rewrite settings causes server to throw HTTP 500 errors instead of 404

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a server with VBulletin forum (working under Apache 2.2, CentOS). The default settings for it in .htaccess are as follows: RewriteEngine on RewriteCond %{HTTP_HOST} ^gsmforum\.ru RewriteRule (.*) http://www.gsmforum.ru/$1 [R=301,L] # If you are having problems or are using VirtualDocumentRoot… >>> More
Problems installing Memcache (PECL extension)

as seen on Server Fault - Search for 'Server Fault'
I have installed memcached fine, and now I will need to install PECL extension memcache. Im running RedHat x86_64 es5. The installation gives me this: downloading memcache-2.2.6.tgz ... Starting to download memcache-2.2.6.tgz (35,957 bytes) ..........done: 35,957 bytes 11 source files, building running:… >>> More

Related posts about html-entities

Resolving html entities with NSXMLParse on iPhone

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi all, i think i read every single web page relating to this problem but i still cannot find a solution to it, so here i am. I have an HTML web page wich is not under my control and i need to parse it from my iPhone application. Here it is a sample of the web page i'm talking about: <HTML> … >>> More
URL Multiple Query Parameters Encoded with HTML Entities

as seen on Bradino - Search for 'Bradino'
I came across a situation where a URL with multiple query parameters was encoded using htmlentities() and PHP was not recognizing the query parameters using $_GET. A common case for encoding urls using htmlentities() is to use them inside XML documents. So a url with multiple query parameters, encoded… >>> More
Objective-C: How to replace HTML entities?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm getting text from Internet and it contains html entities (i.e. ó = ó). I want to show this text into a custom iPhone cell. I've tried to use a UIWebView into my custom cell but I prefer to use a multiline UILabel. The problem is I can't find any way of replacing these HTML entities… >>> More
JSON htmlentities javascript

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi! I am using an XMLHttpRequest to POST a JSON string to PHP. The JSON object is created in JavaScript and using the JSON2.js from json.org to create an JSON string representing the object. JSON.stringify(object); Whenever the object contains a string which has a special character in it, e.g.… >>> More
Php DOMDocument Htmlentities problem

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I use DOMDocument. My code here. $dom = new DOMDocument('1.0', 'utf-8'); $textNode = $dom->createTextNode('<input type="text" name="lastName" />'); $dom->appendChild($textNode); echo $dom->saveHTML(); Output: <input type="text" name="lastName" > But i want to… >>> More