Don't htmlentities() before DB save.  In general:

- mysql_real_escape_string() before DB insertion

- htmlentities() before display

I, on the other hand, would do htmlentities() BEFORE insertion.

The text is processed once and doesn't have to be htmlentitied() every time you read the database - what a stupid waste of performance anyway.

Instead of "&" you'll see "&amp;" ... is that a problem? Not for me and I believe 80% of others who use DB to store & view on web.
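
The two approaches argued in this thread, side by side, as an added example that is not part of either poster's message. It assumes the pdo_sqlite extension; PDO bound parameters stand in for MySQL with mysql_real_escape_string(), and the table, the strategy labels and the input string are constructed.

```php
<?php
// Added example: the same input stored raw (encode on display) and
// pre-encoded (htmlentities() before insertion), then read back.
$input = 'Tom & Jerry <b>fans</b>'; // constructed sample input

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (strategy TEXT PRIMARY KEY, body TEXT)');

// Bound parameters do the job of mysql_real_escape_string() here.
$insert = $db->prepare('INSERT INTO posts (strategy, body) VALUES (?, ?)');
$insert->execute(['raw', $input]);
$insert->execute(['pre', htmlentities($input, ENT_QUOTES, 'UTF-8')]);

function body(PDO $db, string $strategy): string {
    $stmt = $db->prepare('SELECT body FROM posts WHERE strategy = ?');
    $stmt->execute([$strategy]);
    return (string) $stmt->fetchColumn();
}
$raw = body($db, 'raw');
$pre = body($db, 'pre');

// 1. HTML page: 'raw' is encoded at output, 'pre' is echoed as stored.
//    Both lines are safe and identical.
echo htmlentities($raw, ENT_QUOTES, 'UTF-8'), "\n";
echo $pre, "\n";

// 2. Non-HTML consumer (JSON API, e-mail, CSV export): 'pre' carries
//    HTML entities into a context that never decodes them.
echo json_encode(['raw' => $raw, 'pre' => $pre]), "\n";

// 3. Search on what the user typed: only the 'raw' row matches, because
//    the 'pre' row contains "&amp;" where the user typed "&".
$like = $db->prepare('SELECT strategy FROM posts WHERE body LIKE ?');
$like->execute(['%Tom & Jerry%']);
echo implode(',', $like->fetchAll(PDO::FETCH_COLUMN)), "\n";

// 4. Any later code path or template that escapes on output by default
//    double-encodes the 'pre' row; the reader sees a literal "&amp;".
echo htmlentities($pre, ENT_QUOTES, 'UTF-8'), "\n";

// 5. Stored size differs from what the user typed, which matters for
//    column widths and length validation.
echo strlen($raw), ' vs ', strlen($pre), "\n";
```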

