Quotes and html entities in MySql and HTML


nassau
Member
 
Join Date: Jul 2004
 
2006-10-01, 09:06

someone please tell me, which of these two ways of thinking is better, more secure?

1. just escaping quotes, thus saving them as they are in the database. also leaving tags <> as they are, saving them to database. later when displaying data, you would convert these characters to html entities, &quote; etc..

2. converting quotes and <> to html entities before saving to database, thus saving altered data. later when displaying data, you would display data as it is, since it has already been converted.


i'm leaning towards the 1st option since i don't want to alter input data unless necessary
nassau
Member
 
Join Date: Jul 2004
 
2006-10-01, 09:32

basically the question is:

should i filter html entities going IN or going OUT of the database

i'm leaning towards filtering going OUT..
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2006-10-01, 17:48

I don't think there is a simple "better" answer. Each is better under certain circumstances.

Personally, I would prefer the latter, converting to HTML entities when they are output.
Gargoyle
http://ga.rgoyle.com
 
Join Date: May 2004
Location: In your dock hiding behind your finder icon!
 
2006-10-01, 18:18

I would second what Brad said. You might not always want to display your data on the web, so it would be best to keep it in its original form.

OK, I have given up keeping this sig up to date. Let's just say I'm the guy that installs every latest version as soon as it's available!
nassau
Member
 
Join Date: Jul 2004
 
2006-10-02, 03:39

yea, that's what i'm thinking too. thanks for the input.
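
The two options compared in this thread, as an added example that is not from any of the posters: Python with an in-memory SQLite database standing in for MySQL (an assumption, as are the function names and the constructed sample string). It stores the same input both ways and returns what each stored form yields for HTML output, plain-text output, and a database search.

```python
import html
import sqlite3

SAMPLE = 'Tom said "5 < 6" & it\'s <b>true</b>'  # constructed input

def make_db():
    db = sqlite3.connect(":memory:")  # stand-in for the MySQL database
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    return db

def save_raw(db, text):
    # Option 1: a bound parameter handles the SQL quoting, so the
    # stored value is byte-for-byte the user's input.
    return db.execute("INSERT INTO comments (body) VALUES (?)", (text,)).lastrowid

def save_encoded(db, text):
    # Option 2: entity-encode before saving; the database holds altered data.
    enc = html.escape(text, quote=True)
    return db.execute("INSERT INTO comments (body) VALUES (?)", (enc,)).lastrowid

def load(db, row_id):
    return db.execute("SELECT body FROM comments WHERE id = ?", (row_id,)).fetchone()[0]

def render_html(stored):
    # Encoding applied at output time, for an HTML element context.
    return "<p>" + html.escape(stored, quote=True) + "</p>"

def search_hits(db, row_id, needle):
    sql = "SELECT COUNT(*) FROM comments WHERE id = ? AND body LIKE ?"
    return db.execute(sql, (row_id, "%" + needle + "%")).fetchone()[0]

def compare():
    db = make_db()
    raw_id, enc_id = save_raw(db, SAMPLE), save_encoded(db, SAMPLE)
    return {
        # Option 1: encode on the way out; other consumers get the original.
        "raw_html": render_html(load(db, raw_id)),
        "raw_plain": load(db, raw_id),
        "raw_search": search_hits(db, raw_id, "5 < 6"),
        # Option 2: HTML output is the same, but every other use sees entities.
        "enc_html": "<p>" + load(db, enc_id) + "</p>",
        "enc_plain": load(db, enc_id),
        "enc_search": search_hits(db, enc_id, "5 < 6"),
        # Option 2 plus a template that also encodes: double encoding.
        "enc_double": render_html(load(db, enc_id)),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:11} {value}")
```

Both options produce identical HTML; they differ only in what non-HTML consumers and queries see, and in what happens when a later layer encodes again.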