Re: Character Entity References
- From: Jerry Stuckle <jstucklex@xxxxxxxxxxxxx>
- Date: Sun, 30 Mar 2008 12:09:25 -0500
George Maicovschi wrote:
> The problem starting with escaping the input data using htmlentities()
> and from my point of view, escaping data before it goes to the DB is a
> rather good thing, not a bad one.

Definitely NOT. htmlentities() is a display attribute, and has no business in a database.

Do you work for Jones & Jones?

> If the data displays right in the output of the script no worries
> there, he decoded it with html_decode_entities().

Not necessary if it's not encoded in the first place.

> Why do you guys say it's a lousy consultant because he escaped the
> input? Should he have just made the insert with whatever data came to
> him? I would like to hear a strong point of view on this matter, since
> escaping inputs is in my opinion (as well as in many other devs' opinion)
> a very good programming practice and a must.

Because someone who does that does not understand programming and databases and is totally incompetent.

What goes in the database is DATA. It should NEVER be mixed with display-specific attributes.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
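
The distinction argued in the message above, as an added example that is not part of the original post: the same input is stored once entity-encoded and once raw, then searched and rendered. It assumes PHP with the pdo_sqlite extension and a UTF-8 source file; the table, column names and sample string are constructed for illustration.

```php
<?php
// Added example: constructed in-memory table and constructed sample input.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, style TEXT, body TEXT)');

$input = 'Jones & Jones <b>café</b>';   // constructed sample input

// Bound parameters take care of the SQL context for both rows;
// htmlentities() plays no part in protecting the query.
$insert = $pdo->prepare('INSERT INTO comments (style, body) VALUES (?, ?)');

// Approach criticised in the thread: entity-encode before storing.
$insert->execute(['encoded', htmlentities($input, ENT_QUOTES, 'UTF-8')]);

// Approach argued for in the reply: store the data exactly as received.
$insert->execute(['raw', $input]);

// A search for the text as the user typed it can match only the raw row,
// because the encoded row holds "&amp;" where the user typed "&".
$find = $pdo->prepare('SELECT style FROM comments WHERE body LIKE ?');
$find->execute(['%Jones & Jones%']);
echo 'rows matching the search: ',
     implode(', ', $find->fetchAll(PDO::FETCH_COLUMN)), "\n\n";

// Output step: every value leaving the database is encoded for the HTML
// context at display time. The pre-encoded row is now encoded twice, so a
// browser would show literal entity text instead of the original characters.
foreach ($pdo->query('SELECT style, body FROM comments') as $row) {
    $html = htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8');
    printf(
        "%s\n  stored bytes: %d\n  stored: %s\n  html:   %s\n",
        $row['style'],
        strlen($row['body']),
        $row['body'],
        $html
    );
}
```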