Eddie Drapkin wrote:

    2. Can't display raw for the user (e.g. edit a forum post)
    Edit a forum? You display the data in TEXTAREA...

Because seeing something like:
<textarea>&quot;Yeah!&quot; is what he said. </textarea>
Is awesome for the user experience.

If you don't do html...() before putting it into the textarea, this can happen:

<textarea>   blabla <b></textarea>  blabla  </textarea>


3. Uses more space in the DB

    although I use htmlspecialchars() which doesn't replace that many

That makes it no better of a practice to pre-sanitize.

You've still yet to offer any compelling reasons why you think this is a good idea.

It's DEFINITELY easier to store RAW data to DB, because it won't give you any headaches in the future - when you might need to add some other functionality requiring this.

But for me personally, doing htmlspecialchars() BEFORE the DB insertion is the choice to go, because I am looking for performance.

ok? respect
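As an added illustration (not code from the thread; Python's html.escape stands in for PHP's htmlspecialchars()), here are the four combinations of escaping at storage time and at output time, run against a constructed input that contains both a quoted string and a premature closing tag, the two failure cases discussed above:

```python
import html

# Constructed sample input (not from the thread): a quoted string plus a
# premature closing tag of the kind shown in the reply above.
RAW_INPUT = '"Yeah!" is what he said. </textarea> blabla'


def store(value: str, escape_on_input: bool) -> str:
    """What gets written to the DB: raw text, or htmlspecialchars()-style text."""
    return html.escape(value, quote=True) if escape_on_input else value


def render(stored: str, escape_on_output: bool) -> str:
    """Markup for the edit form; html.escape plays the role of htmlspecialchars()."""
    body = html.escape(stored, quote=True) if escape_on_output else stored
    return "<textarea>" + body + "</textarea>"


def _inner(markup: str) -> str:
    return markup[len("<textarea>"):-len("</textarea>")]


def textarea_breaks_out(markup: str) -> bool:
    """True if the content still holds a closing tag, so the browser ends the textarea early."""
    return "</textarea>" in _inner(markup).lower()


def user_sees(markup: str) -> str:
    """Text the browser shows inside the textarea: entities are decoded exactly once."""
    return html.unescape(_inner(markup))


def evaluate(escape_on_input: bool, escape_on_output: bool) -> dict:
    """Run one storage/output combination and report whether the form is both intact and accurate."""
    markup = render(store(RAW_INPUT, escape_on_input), escape_on_output)
    broken = textarea_breaks_out(markup)
    shown = user_sees(markup)
    return {
        "breaks_out": broken,              # raw "</textarea>" reached the markup
        "double_encoded": shown != RAW_INPUT and not broken,  # user sees &quot; literally
        "correct": not broken and shown == RAW_INPUT,
    }


if __name__ == "__main__":
    for on_input in (False, True):
        for on_output in (False, True):
            print(f"escape on input={on_input!s:5} on output={on_output!s:5}",
                  evaluate(on_input, on_output))
```

Escaping exactly once, at either point, keeps the textarea intact and shows the original text; escaping at neither point lets the closing tag through, and escaping at both points produces the visible `&quot;` entities.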
