[SlugBug] HTML special chars and databases?

Richard Fletcher RFletcher at zedcore.com
Mon May 16 14:04:34 BST 2005


On Monday 16 May 2005 13:51, Matthew Gray wrote:
> Hi all,
>
> I've been wondering about this for a little while and wanted to get
> some opinions: When putting text into a database, for later display
> in a webpage, do you:
>
> a) Store the database field with the HTML special chars encoded -
> ie the field had &amp; &lt; &gt; inside it.
>
> or,
>
> b) Store the data with the raw characters, and encode the
> characters to their HTML representations when the record is
> displayed.

If you have a process (A) to run over the text to make it safe for html and 
process (B) to make it safe for email, then you would store the text 
unaltered in the database and then apply A if putting the text into html and 
B if email. If there is no B and A will always be applied before the text is 
displayed, it is best to do A before insertion into the database.

Usually there is a B - or there will be, in fact, usually there is a C,D,E,F 
and G as well. We wrote a CMS in PHP where database values are assigned to 
classes for that type. We now have output settings for if the data is going 
to html or email or if line breaks should be converted to <br /> tags and 
have the ability to extend the fields to cope with BBCode, WikiCode or 
anything else that might appear useful.

As ever - it depends upon what you want to do to the data tomorrow as well as 
what you want to do today. 

You would not want to have to do A' (the reverse process of A assuming it has 
one) to then do B.

-- 
Richard Fletcher
Zedcore Systems
UK tel/fax: 0114 238 1828
Global tel/fax: +44 114 238 1828 
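
The trade-off discussed in this message, as an added example that is not part of the original post or of the CMS it mentions: the same raw database value is passed through process A (HTML) or process B (email) at output time, and compared with a value that was encoded before insertion. The function names, the table layout, the sample string and the choice of "collapse to one line for a mail subject" as process B are all assumptions made for illustration.

```python
import html
import sqlite3

def for_html(text, line_breaks=False):
    """Process A: encode HTML special characters when the record is displayed."""
    out = html.escape(text, quote=True)
    if line_breaks:  # optional output setting: newlines become <br /> tags
        out = out.replace("\r\n", "\n").replace("\n", "<br />\n")
    return out

def for_email_subject(text):
    """Process B (assumed): a mail subject is one line, so collapse CR/LF and other whitespace runs."""
    return " ".join(text.split())

def render_all():
    # Constructed sample input containing HTML special chars and a line break.
    raw = "Tom & Jerry <tom@example.invalid>\nsecond line"
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (kind TEXT PRIMARY KEY, body TEXT)")
    # Option (b): store unaltered. Option (a): store already HTML-encoded.
    # Parameterized queries keep SQL quoting separate from HTML encoding.
    db.execute("INSERT INTO notes VALUES (?, ?)", ("raw", raw))
    db.execute("INSERT INTO notes VALUES (?, ?)", ("encoded", html.escape(raw)))
    stored = dict(db.execute("SELECT kind, body FROM notes"))
    return {
        # Raw storage: each output applies only its own encoder.
        "html_from_raw": for_html(stored["raw"], line_breaks=True),
        "email_from_raw": for_email_subject(stored["raw"]),
        # Pre-encoded storage: email shows entities unless A' is run first,
        # and applying A again on the way to HTML double-encodes.
        "email_from_encoded": for_email_subject(stored["encoded"]),
        "html_from_encoded_twice": for_html(stored["encoded"]),
        "a_prime_recovers_raw": html.unescape(stored["encoded"]) == stored["raw"],
    }

if __name__ == "__main__":
    for name, value in render_all().items():
        print(f"{name}: {value!r}")
```
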