On Jun 23, 2009, at 10:29, Martin Zvarík wrote:

Don't htmlentities() before DB save.  In general:
- mysql_real_escape_string() before DB insertion
- htmlentities() before display

I, on the other hand, would do htmlentities() BEFORE insertion.

Pros:
---
The text is processed once and doesn't have to be htmlentitied() every time you read the database - what a stupid waste of performance anyway.

Isn't reading from the database every time a much bigger waste? Sounds like you might benefit from reading about Amdahl's law:

http://en.wikipedia.org/wiki/Amdahl%27s_law

Additionally, these slides from a talk by George Schlossnagle are good:

http://schlossnagle.org/~george/talks/ZendPerf.pdf

Amdahl's law aside, it does make sense in some cases (profiles for social apps, for example) to cache this information in a ready-to-be-displayed format, but no one should be talking about "performance" and "reading from the database every time" in the same sentence.

Chris

--
Chris Shiflett
http://shiflett.org/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
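
The two orderings discussed in this thread, side by side, as an added example that is not part of the original messages. It assumes PHP with the PDO SQLite driver and uses a bound parameter in place of mysql_real_escape_string(); the sample input, the comments table and the helpers body() and html() are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input: a comment a user might submit.
$input = 'Tom & Jerry <b>"5 > 3"</b>';

// Assumption: in-memory SQLite via PDO, so the example runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, mode TEXT, body TEXT)');

// A bound parameter keeps the value out of the SQL grammar (the job of
// mysql_real_escape_string() in the thread) and leaves the value unchanged.
$ins = $db->prepare('INSERT INTO comments (mode, body) VALUES (?, ?)');
$ins->execute(['raw', $input]);                                    // encode at display
$ins->execute(['pre', htmlentities($input, ENT_QUOTES, 'UTF-8')]); // encode before insertion

// Hypothetical helper: fetch the stored body for one of the two rows.
function body(PDO $db, string $mode): string
{
    $q = $db->prepare('SELECT body FROM comments WHERE mode = ?');
    $q->execute([$mode]);
    return (string) $q->fetchColumn();
}

// Hypothetical helper: the encoding step a template applies for HTML output.
function html(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

$raw = body($db, 'raw');
$pre = body($db, 'pre');

// HTML context: raw storage plus encode-at-display yields one layer of entities.
echo "raw -> html : ", html($raw), "\n";
// A template that encodes by default double-encodes the pre-encoded row.
echo "pre -> html : ", html($pre), "\n";
// Non-HTML contexts (JSON API, plain-text mail) get entities they cannot use.
echo "raw -> json : ", json_encode(['body' => $raw]), "\n";
echo "pre -> json : ", json_encode(['body' => $pre]), "\n";

// Searches and length limits act on the stored form, not on what was typed.
$find = $db->prepare('SELECT COUNT(*) FROM comments WHERE mode = ? AND body LIKE ?');
foreach (['raw', 'pre'] as $mode) {
    $find->execute([$mode, '%Tom & Jerry%']);
    echo "$mode search hits: ", $find->fetchColumn(),
         "; stored length: ", strlen(body($db, $mode)), "\n";
}
```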