I realize that part - my whole point was that it didn't really matter how it
was stored as long as it gets extracted/parsed correctly. With that in mind,
instead of using 3 functions to store, extract, and parse the data, I can
use one function to prepare the data to be stored in a format that can be
extracted directly into an form-friendly format.
Not to mention that HTML entities are still ASCII characters, and I do not
foresee any problems with using the HTML entities in place of quote marks.
To me, it makes the most sense. Quote marks are generally special characters
used everywhere, and storing them as quote marks instead of the entities
seems to be asking for trouble, in my opinion. I've stored values using
slashes for the past few years, and that method has given so many
problems... Speaking as an experienced web programmer, I believe this is a
much more practical method for a lot of us.
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 2:39 PM
To: Jonathan Hilgeman
Cc: '[EMAIL PROTECTED]'
Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs
Oh, one more thing - maybe you don't understand what the slashing is for:
don't store \" in the database -- the slash is there just so the MySQL
statement is correct. MySQL knows about slashing and will replace your \"
" so what you store in the database is exactly what the user typed in the
Jonathan Hilgeman wrote:
> How is it the \"proper\" way to do it and why does it have to remain the
> \"proper\" way of doing it? Simply because it retains the same character
> the database? What good is that if the data will simply be extracted and
> unslashed at a later point anyway?
> How the data is kept internally should not be an issue if it is only
> to be later extracted and parsed anyway. That's a partial reason we use
> timestamps instead of storing the full date everywhere. It's called proper
> And I think in cases where HTML forms are used in conjunction with
> databases, the HTML equivalents are a heck of a lot more proper than
> slashes, not to mention more efficient. The only downside I see is that
> instead of taking up 2 characters, it takes up 6, but since many fields we
> all use won't ever contain quotes, I see it as a more than reasonable
> I personally consider it a bad habit to use slashes unless you're dealing
> with regexes. And not everybody does it that way.
> - Jonathan
> -----Original Message-----
> From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 1:41 PM
> To: Jonathan Hilgeman
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs
> That would be because this way you'll end up with the proper data in the
> database instead of HTML-encoded strings. Plus it's the proper way to do
> everybody does it this way and it's a good habit.
> Jonathan Hilgeman wrote:
> > I thought I made it somewhat clear:
> > > when I'm dealing with form inputs that can contain quote marks
> > Why run 3 functions at separate times when you can run one once just
> > data is inserted into the database?
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]