---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/

> -----Original Message-----
> From: Jason Wong [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 14, 2003 1:09 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] htmlspecialchars
>
> On Wednesday 15 January 2003 01:24, Foong wrote:
>
> > I wonder which is the better way to store data into database?
> > 1. store the data after we call htmlspecialchars with the data (means we
> > store " as &quot; in database)
> > 2. store the data in non encoded form and call htmlspecialchars whenever
> > we want to display it.
>
> It mostly depends on what you do with the data. For example:
>
> If you only store the data once (and never re-edit it) then use (1).
>
> If the data is used for other purposes as well (like gets sent in an email)
> then use (2).

Even if you're going to edit it, it's better to do htmlspecialchars() when
you save the data. You have to do it anyhow when you place it as the value
of a text box.

$value = 'This is "the" value';

Now if you try to put that in a text box like this:

<input type="text" value="<?=$value?>">

then you'll have problems. Yes, you can use single quotes, but then what
happens when there is a single quote in the data? The best way to do it is
to convert the special characters when you save it. The only exception to
this would be if you ever want to use that data outside of HTML (i.e. mail,
like you said).

Hope that helps.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
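The script below is an added example, not code from either poster. It runs both strategies from the thread against a constructed value that contains a double quote, a single quote and a tag, so the attribute-breaking problem John describes, the single-quote case he raises, and the double-encoding and non-HTML-consumer problems that come with escaping at save time are all visible in one place. The function names html_attr() and escape_already_escaped() are this example's own; htmlspecialchars(), its ENT_QUOTES, ENT_SUBSTITUTE and double_encode parameters, and htmlspecialchars_decode() are the standard PHP functions. The flags are passed explicitly because PHP versions before 8.1 did not encode the single quote by default.

```php
<?php
declare(strict_types=1);

// Added example, not from the mailing-list thread. It exercises the two
// strategies discussed above against a constructed hostile value.

/**
 * Strategy (2): keep the raw value in the database and escape at every
 * HTML output point. ENT_QUOTES also encodes the single quote, so the
 * result is safe inside "..." and '...' attributes alike. Before PHP 8.1
 * the default flags left ' untouched, hence the explicit flags.
 */
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Strategy (1) at render time: a value that was already escaped when it
 * was saved gets double-encoded (&quot; becomes &amp;quot;) if it passes
 * through htmlspecialchars() again, unless double_encode (the fourth
 * parameter) is false.
 */
function escape_already_escaped(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
}

// Constructed sample input, deliberately hostile to both attribute styles.
$raw = 'This is "the" value, it\'s <b>bold</b>';

// Unescaped interpolation, as in the message above: the first " in $raw
// ends the attribute early and everything after it becomes new markup.
$broken = '<input type="text" value="' . $raw . '">';

// The same value escaped at output; both attribute styles stay intact.
$double_quoted = '<input type="text" value="' . html_attr($raw) . '">';
$single_quoted = "<input type='text' value='" . html_attr($raw) . "'>";

// The browser decodes the entities before submitting the form, so the raw
// value comes back unchanged; htmlspecialchars_decode() models that here.
assert(htmlspecialchars_decode(html_attr($raw), ENT_QUOTES) === $raw);

// Strategy (1): what would sit in the database, then the two ways of
// rendering it again.
$stored         = html_attr($raw);
$double_encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$rendered_once  = escape_already_escaped($stored);
assert($double_encoded !== $stored); // the page would show &quot; literally
assert($rendered_once === $stored);  // double_encode=false leaves it alone

// The non-HTML consumer Jason mentions: a plain-text mail body needs the
// raw value, so with strategy (1) every such path has to decode first.
$mail_body = htmlspecialchars_decode($stored, ENT_QUOTES);
assert($mail_body === $raw);

echo "broken:         $broken\n";
echo "double-quoted:  $double_quoted\n";
echo "single-quoted:  $single_quoted\n";
echo "double-encoded: $double_encoded\n";
echo "mail body:      $mail_body\n";
```

Run it with `php example.php`. The "broken" line is the case John's `<input>` snippet warns about; the two escaped lines show that with ENT_QUOTES the choice between double- and single-quoted attributes no longer matters; the double-encoded line and the mail-body decode are the two costs of escaping at save time, which is why escaping at the output boundary, with flags chosen for that output context, is the form most practitioners settle on.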