On Fri, Jun 26, 2009 at 12:07 PM, Chris Shiflett wrote:
> On Jun 23, 2009, at 10:29, Martin Zvarík wrote:
>
>>> Don't htmlentities() before DB save. In general:
>>> - mysql_real_escape_string() before DB insertion
>>> - htmlentities() before display
>>
>> I, on the other hand, would do htmlentities
On Jun 23, 2009, at 10:29, Martin Zvarík wrote:
Don't htmlentities() before DB save. In general:
- mysql_real_escape_string() before DB insertion
- htmlentities() before display
I, on the other hand, would do htmlentities() BEFORE insertion.
Pros:
---
The text is processed once and doesn't ha
Philip Thompson wrote:
On Jun 23, 2009, at 9:29 AM, Martin Zvarík wrote:
Don't htmlentities() before DB save. In general:
- mysql_real_escape_string() before DB insertion
- htmlentities() before display
I, on the other hand, would do htmlentities() BEFORE insertion.
Pros:
---
The text
Eddie Drapkin wrote:
2. Can't display raw for the user (e.g. edit a forum post)
Edit a forum? You display the data in TEXTAREA...
Because seeing something like:
"Yeah!" is what he said.
Is awesome for the user experience.
If you don't do html...() before putting to text
On Jun 23, 2009, at 9:29 AM, Martin Zvarík wrote:
Don't htmlentities() before DB save. In general:
- mysql_real_escape_string() before DB insertion
- htmlentities() before display
I, on the other hand, would do htmlentities() BEFORE insertion.
Pros:
---
The text is processed once and doesn'
Cons:
1. Can't easily edit information in the database
True, so if you use phpmyadmin for editing - don't do what I suggested.
2. Can't display raw for the user (e.g. edit a forum post)
Edit a forum? You display the data in TEXTAREA...
3. Uses more space in the DB
True,
although I
Cons:
1. Can't easily edit information in the database
2. Can't display raw for the user (e.g. edit a forum post)
3. Uses more space in the DB
4. Isn't as easily indexed
5. Breaks i18n support of internal search engines (sphinx, lucene, etc.)
You're NEVER supposed to sanitize before inserting in th
On Tue, Jun 23, 2009 at 10:29 AM, Martin Zvarík wrote:
>>
>> Don't htmlentities() before DB save. In general:
>>
>> - mysql_real_escape_string() before DB insertion
>>
>> - htmlentities() before display
>>
>
>
> I, on the other hand, would do htmlentities() BEFORE insertion.
>
>
> Pros:
> ---
> The
If you use htmlentities after each query you can find problems like this:
My name is Martín.
Also the data is stored to be used in an HTML environment.
What happens if you need the data for other purposes?
On Tue, Jun 23, 2009 at 11:42 AM, Caner Bulut wrote:
> I have read some things ab
I have read some things about these issues. And I understand that if you use
htmlentities() BEFORE insertion, when querying DB from XML, PDF or other
data format, there will be some problems.
I have some PHP books in which the author codes Martin Zvarík's way. If you
have any pros and cons please sh
nýn
çýkarýldýðý /
takýlacaðý araç modeli
Parçanýn
çýkarýldýðý /
takýlacaðý araç modeli
I hope I can explain the problem. Thanks
-Original Message-
From: Shawn McKenzie [mailto:nos...@mckenzies.net]
Sent: 23 June 2009 00:01
To: php-gene
Caner BULUT wrote:
> Thanks for the response.
>
> But if I use it before display, charset problems occur. And
> htmlentities does not support the Turkish charset. How can I decode data after
> passing it through htmlentities?
I have no idea, I was just saying that if you use it, use it for display
and n
Thanks for the response.
But if I use it before display, charset problems occur. And
htmlentities does not support the Turkish charset. How can I decode data after
passing it through htmlentities?
Thanks.
-Original Message-
From: Shawn McKenzie [mailto:nos...@mckenzies.net]
Sent: 22 June 2009