[SlugBug] HTML special chars and databases?
Andy Davidson
andy at nosignal.org
Mon May 23 22:08:19 BST 2005
On 16 May 2005, at 13:51, Matthew Gray wrote:
> I've been wondering about this for a little while and wanted to get
> some opinions: When putting text into a database, for later display
> in a webpage, do you:
> a) Store the database field with the HTML special chars encoded -
> ie the field had &amp; &lt; &gt; inside it.
Oof. We do it this way :
- Store no markup in the database whatsoever.
- parse page logic pages through HTML::Template, a templating
engine which allows us to use lines in our page templates such as :
<p><TMPL_VAR ESCAPE=HTML NAME=BLAH></p>
The perl which calls the template assigns the raw content to a 'tag'
named - in this case, 'BLAH'. The template marks up the content (in
this case, just formats it into a standard paragraph) and escapes any
of the special characters in html.
A bit nicer, methinks !
Cheers
Andy
--
Regards, Andy Davidson
http://www.fotoserve.com/
Great quality photo prints, gifts and clothing from digital photos.
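
The approach described in the message above, as an added example that is not code from the original post: raw text is stored without markup and HTML::Template escapes it at output time. The row data, the render() helper and the COMMENTS loop name are assumptions made for illustration; only the BLAH variable and ESCAPE=HTML come from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Template;

# Constructed sample rows: text exactly as typed by users, stored raw
# (no entity encoding applied before it went into the database).
my @rows = (
    { BLAH => 'Fish & chips < 5 pounds' },
    { BLAH => '<script>alert("x")</script>' },
);

# Same page structure twice: one template escapes at output, one does not.
my $escaped_tmpl = <<'EOT';
<TMPL_LOOP NAME=COMMENTS><p><TMPL_VAR ESCAPE=HTML NAME=BLAH></p>
</TMPL_LOOP>
EOT

my $unescaped_tmpl = <<'EOT';
<TMPL_LOOP NAME=COMMENTS><p><TMPL_VAR NAME=BLAH></p>
</TMPL_LOOP>
EOT

# Hypothetical helper: render a template string with the given rows.
sub render {
    my ($tmpl_text, $rows) = @_;
    my $t = HTML::Template->new(scalarref => \$tmpl_text);
    # Copy each row so the template never holds references to our data.
    $t->param(COMMENTS => [ map { { %$_ } } @$rows ]);
    return $t->output;
}

my $safe   = render($escaped_tmpl,   \@rows);
my $unsafe = render($unescaped_tmpl, \@rows);

# With ESCAPE=HTML the stored markup characters reach the browser as
# entities; without it the stored <script> element is emitted verbatim.
die "escaped output still contains a script tag\n"
    if index($safe, '<script') != -1;
die "expected entity-encoded tag in escaped output\n"
    if index($safe, '&lt;script&gt;') == -1;
die "expected raw tag in unescaped output\n"
    if index($unsafe, '<script>') == -1;

print "--- ESCAPE=HTML ---\n$safe";
print "--- no ESCAPE ---\n$unsafe";
```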