Don't htmlentities() before DB save. In general:
- mysql_real_escape_string() before DB insertion
- htmlentities() before display
I, on the other hand, would do htmlentities() BEFORE insertion.
Pros:
---
The text is processed once and doesn't have to be htmlentitied()
every time you read the database - what a stupid waste of performance anyway.
Cons:
---
Instead of "&" you'll see "&amp;" ... is that a problem? Not for me and I
believe 80% of others who use DB to store & view on web.
Martin
--
PHP General Mailing List (http://www.php.net/)
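The two approaches discussed in this thread, side by side, as an added example that is not part of the original messages. It assumes PDO with an in-memory SQLite database and bound parameters in place of mysql_real_escape_string() (removed in PHP 7) so that it runs offline; the table names and the sample input are constructed for illustration.

```php
<?php
// Added example, not from the thread. Table and variable names are hypothetical.
// Bound parameters stand in for mysql_real_escape_string() at the SQL layer.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE raw_notes (body TEXT)');
$db->exec('CREATE TABLE encoded_notes (body TEXT)');

// Constructed sample input.
$input = 'Tom & Jerry <b>"R&D"</b>';

// Approach A: store the text as typed; encode only when writing HTML.
$db->prepare('INSERT INTO raw_notes (body) VALUES (?)')->execute([$input]);

// Approach B: htmlentities() before insertion.
$encoded = htmlentities($input, ENT_QUOTES, 'UTF-8');
$db->prepare('INSERT INTO encoded_notes (body) VALUES (?)')->execute([$encoded]);

$raw    = $db->query('SELECT body FROM raw_notes')->fetchColumn();
$stored = $db->query('SELECT body FROM encoded_notes')->fetchColumn();

// 1. For an HTML page both approaches yield identical markup,
//    provided approach A encodes at display time.
var_dump(htmlentities($raw, ENT_QUOTES, 'UTF-8') === $stored);

// 2. Non-HTML consumers (JSON API, plain-text mail, CSV export)
//    receive entities instead of the original characters under B.
echo json_encode(['body' => $raw]), "\n";
echo json_encode(['body' => $stored]), "\n";

// 3. Searching B for the text the user actually typed misses the row,
//    because the column holds "R&amp;D", not "R&D".
$q = $db->prepare('SELECT COUNT(*) FROM encoded_notes WHERE body LIKE ?');
$q->execute(['%R&D%']);
var_dump((int) $q->fetchColumn());

// 4. A template that encodes on output double-encodes rows stored under B.
echo htmlentities($stored, ENT_QUOTES, 'UTF-8'), "\n";

// 5. B is only safe if every write path encodes. A row added by an import
//    script or another application is echoed to the page as-is.
$db->exec("INSERT INTO encoded_notes (body) VALUES ('<i>unencoded row</i>')");
foreach ($db->query('SELECT body FROM encoded_notes') as $row) {
    echo $row['body'], "\n";   // approach B trusts the column contents
}
```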