If you use htmlentities after each query you can find problems like this:
My name is Mart&iacute;n.

Also, the data is stored to be used in an HTML environment.
What happens if you need the data for other purposes?

On Tue, Jun 23, 2009 at 11:42 AM, Caner Bulut <canerblt@xxxxxxxxx> wrote:

> I have read some things about these issues, and I understand that if you use
> htmlentities() BEFORE insertion, when querying the DB from XML, PDF or other
> data formats, there will be some problems.
>
> I have some PHP books; the author codes in Martin Zvarík's way. If you
> have any pros and cons, please share them with us.
>
> Thanks.
>
> 2009/6/23 Martin Zvarík <mzvarik@xxxxxxxxx>
>
> >> Don't htmlentities() before DB save. In general:
> >>
> >> - mysql_real_escape_string() before DB insertion
> >>
> >> - htmlentities() before display
> >>
> >
> > I, on the other hand, would do htmlentities() BEFORE insertion.
> >
> > Pros:
> > ---
> > The text is processed once and doesn't have to be htmlentitied() every time
> > you read the database - what a stupid waste of performance anyway.
> >
> > Cons:
> > ---
> > Instead of "&" you'll see "&amp;" ... is that a problem? Not for me and I
> > believe 80% of others who use DB to store & view on web.
> >
> > Martin
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >

--
Martin Scotta
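
The two storage policies argued in this thread, side by side, as an added example that is not part of any poster's message. Assumptions: PDO with an in-memory SQLite database and bound parameters stands in for MySQL and mysql_real_escape_string() (the mysql_* extension was removed in PHP 7), the html() helper is hypothetical, and the sample name is constructed.

```php
<?php
// Added example, not code from the thread. The input is a constructed sample.
$name = 'Martín <b>& Co</b>';

// Assumption: in-memory SQLite via PDO stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, policy TEXT, name TEXT)');

// Hypothetical helper: HTML-context encoding, applied when rendering.
function html(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// Bound parameters do the SQL-context escaping in both cases.
$ins = $db->prepare('INSERT INTO users (policy, name) VALUES (?, ?)');
$ins->execute(['raw, encode at display', $name]);
$ins->execute(['htmlentities() before insert', html($name)]);

foreach ($db->query('SELECT policy, name FROM users ORDER BY id') as $row) {
    $stored = $row['name'];
    echo "== {$row['policy']} ==\n";
    echo 'stored in DB       : ', $stored, "\n";
    // A template that escapes on output double-encodes pre-encoded rows.
    echo 'HTML, escaped      : ', html($stored), "\n";
    // Non-HTML consumers (JSON API, PDF, CSV export) get the stored bytes as-is.
    echo 'JSON for an API    : ', json_encode(['name' => $stored], JSON_UNESCAPED_UNICODE), "\n";
    // Recovering the original from a pre-encoded row needs a decode step everywhere.
    echo 'decoded for export : ', html_entity_decode($stored, ENT_QUOTES, 'UTF-8'), "\n";
}
```

Run it with the PHP CLI and compare the two result sets: the pre-encoded row is only safe to print in HTML if every write path encoded it, while the raw row is safe in any context as long as each output path applies its own encoding.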