
How to store <textarea> data, plus escape and return data

Developer (https://www.devze.com) 2023-03-19 02:02 Source: Web

What's the best route for storing data in MySQL? With MySQL, should I just use TEXT as my field type?

As well, when using mysql_real_escape_string() with returned values (\r\n). But should I be running htmlentities() on it after that?

And then when I return data to the screen, I should use nl2br()?

Just trying to figure out the best route here for storing this information.

Thank you for your help!


TEXT or TINYTEXT or anything similar should be fine for storing ASCII data from the user. If you don't need a lot of space, you may think about VARCHAR.

I think that mysql_real_escape_string() escapes characters that may compromise the security of an SQL query (single quote, double quote, etc.) but doesn't do much more than that.

htmlentities() converts reserved HTML characters like < and > into their HTML-encoded equivalents, &lt; and &gt; respectively. These characters are not dangerous for SQL queries, so you probably do not need to escape them unless you want to display the HTML tag entered by the user as text and not let it be interpreted as HTML.

nl2br() is probably not necessary either.

Most importantly, your decision on when to use each of these functions will depend on your end application. You may need / want some but not others (though you should definitely use mysql_real_escape_string()).


Really depends on what you are trying to store. For things such as usernames, passwords, etc., you can use VARCHAR. But if you're storing long text such as news posts or HTML data, then you can use TEXT or LONGTEXT (depending on how long it is).

You should ALWAYS use mysql_real_escape_string() when inserting into the DB. If you're outputting HTML from the DB, you may want to run htmlentities() or htmlspecialchars() to ensure that you aren't outputting user-injected JavaScript that could redirect your users to hacker websites and such.

One other idea is that you could escape your data using htmlentities before inserting into the DB, but it's your choice.

nl2br() is great for forcing all \r\n to <br /> tags instead.

So, it seems like you're on the right track...
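The two answers above boil down to one rule: escape for the layer you are handing the data to (SQL on the way in, HTML on the way out), and let nl2br() run only on already-encoded output. The PHP below is an added example, not code from the question or either answer; it assumes PHP 7+ with PDO and uses an in-memory SQLite database as a stand-in for the MySQL TEXT column (the DSN is the only thing that changes for MySQL).

```php
<?php
// Added example (not from the original question or answers): store the raw
// <textarea> text with a parameterised query, and HTML-encode only when rendering.
// Assumptions: PHP 7+ with PDO; an in-memory SQLite database stands in for the
// MySQL table (use a "mysql:host=...;dbname=..." DSN in production).
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Store the submitted text exactly as received. Bound parameters do the job
// mysql_real_escape_string() did for the old mysql_* extension (removed in PHP 7),
// and keeping the stored text unencoded leaves it reusable outside HTML
// (email, JSON APIs, full-text search) without double-encoding.
function storePost(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Encode at output time, in this order: htmlspecialchars() first, so any
// "<br>" or "<script>" the user typed is shown as text; nl2br() second, so
// the \r\n line endings a browser sends from a <textarea> become real <br /> tags.
function renderPost(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = (string) $stmt->fetchColumn();
    return nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

// Constructed sample input covering the three things the question asks about:
// a single quote (SQL), a tag (HTML) and a Windows line ending (\r\n).
$submitted = "Bob's post\r\n<script>alert(1)</script>";
$id = storePost($pdo, $submitted);

// The stored row is byte-for-byte what the user sent; only the rendered copy is encoded.
$stored = (string) $pdo->query('SELECT body FROM posts')->fetchColumn();
var_dump($stored === $submitted);
echo renderPost($pdo, $id), PHP_EOL;
```

Reversing the order (nl2br() before htmlspecialchars()) would encode the inserted <br /> tags themselves, so line breaks would show up on screen as literal text.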

