Re: Character Entity References

Michael Fesser <netizen@xxxxxx> posted in comp.lang.php:

.oO(George Maicovschi)

The problem starting with escaping the input data using htmlentities()
and from my point of view, escaping data before it goes to the DB is a
rather good thing not a bad one.

Escaping yes, but not in this way. Data in a DB should never be stored
in an output-specific or media-dependent encoding, but in a raw format.
Pure data, nothing else. Just think about things like

* output to something else than HTML, for example a PDF or a plain text
newsletter
* a fulltext search

Both tasks will be almost impossible or at least much more complicated
with HTML data in the DB, but pretty easy to do with raw data.

You, Jerry, and others espouse this idea and I certainly understand the
merits. But it leaves me with a question.

How do you deal with display data that may be required in both HTML and/or
PDF? ie: italic word(s) within the data.

My current solution is storing the <em> tags in the DB, but I don't really
like it for the very reasons you stated.


--
Mark A. Boyd
Keep-On-Learnin' :)
.