On Tue, Jun 23, 2009 at 10:29 AM, Martin Zvarík <mzvarik@xxxxxxxxx> wrote:
>>
>> Don't htmlentities() before DB save. In general:
>>
>> - mysql_real_escape_string() before DB insertion
>>
>> - htmlentities() before display
>>
>
>
> I, on the other hand, would do htmlentities() BEFORE insertion.
>
>
> Pros:
> ---
> The text is processed once and doesn't have to be htmlentitied() every time
> you read the database - what a stupid waste of performance anyway.
>
>
> Cons:
> ---
> Instead of "&" you'll see "&amp;" ... is that a problem? Not for me and I
> believe 80% of others who use DB to store & view on web.
>
>
>
> Martin
>

Different strokes for different folks.

The performance hit isn't that great, and now you're potentially storing more data since individual characters (generally 1 or 2 bytes) are inflated to entities that are often around 6-8 bytes.

Additional Cons:

If the content ever needed to be formatted for something other than html (either now or in the future) you'd have to remove the entities every time you read the database. So now you have a "stupid waste of performance" again AND you're still storing the extra bytes in the database.

Andrew

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
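The two storage strategies argued over above, as an added example that is not part of the thread: it uses Python stand-ins (a parameterised sqlite3 INSERT at the database boundary in place of mysql_real_escape_string(), html.escape() in place of htmlentities()) to store one constructed comment both raw and pre-encoded, and then shows the byte inflation, the double-encoding that happens when an already-encoded value is escaped again at display time, and the decode step a non-HTML consumer (JSON here) needs for the pre-encoded copy. The table name and sample text are assumptions.

```python
import html
import json
import sqlite3

# Constructed sample input: a comment with characters that matter to both
# SQL string syntax and HTML markup.
SAMPLE = """Tom & Jerry's <b>"best"</b> episode"""


def store_raw(conn, text):
    # Database boundary: the parameter binding does the job that
    # mysql_real_escape_string() did in 2009; the text is stored unchanged.
    conn.execute("INSERT INTO comments (body) VALUES (?)", (text,))


def store_encoded(conn, text):
    # Martin's alternative: HTML-encode once, before the INSERT.
    conn.execute("INSERT INTO comments (body) VALUES (?)",
                 (html.escape(text, quote=True),))


def fetch_all(conn):
    return [row[0] for row in conn.execute("SELECT body FROM comments ORDER BY rowid")]


def render_html(body):
    # Output boundary for an HTML page: escape for that context at display time.
    return "<p>" + html.escape(body, quote=True) + "</p>"


def render_json(body):
    # Output boundary for a non-HTML consumer: JSON has its own escaping rules.
    return json.dumps({"body": body})


def compare(text=SAMPLE):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (body TEXT)")
    store_raw(conn, text)
    store_encoded(conn, text)
    raw, encoded = fetch_all(conn)
    return {
        "raw_bytes": len(raw.encode("utf-8")),
        "encoded_bytes": len(encoded.encode("utf-8")),
        "html_from_raw": render_html(raw),
        # Escaping the pre-encoded copy again turns "&amp;" into "&amp;amp;".
        "html_from_encoded": render_html(encoded),
        "json_from_raw": render_json(raw),
        # The pre-encoded copy must be decoded before a non-HTML consumer sees it.
        "json_from_encoded": render_json(html.unescape(encoded)),
    }
```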