Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Possible Duplicate:
How should be kept as HTML tags in database?
I will store HTML code through admin page of my php program. I use prepared statements in PDO for storing. But before that, do i need to use htmlspecialchars() or htmlentities() ?
Or by storing html using prepared statement will work fine ? Any overheads later ?
Later this html is used to display as content inside a HTML page and this content from database should render as HTML itself.
For real, in your case no precautions should be taken.
There is no need for
htmlspecialchars()as you want to display html and no need to usehtmlentities()if the character set of your site is equal to the one you use in your database. Also you don’t have to escape the string on your own as prepared statements will take care of that.However,
htmlentities()will not cause any harm but using it is just waste of performance. The easiest way to deal with the character set is to simply use UTF-8 to avoid any conflicts.