[nycphp-talk] Re: New PHundamentals Article
Chris Shiflett
shiflett at php.net
Mon Jan 5 13:57:40 EST 2004

--- John Lacey <jlacey at att.net> wrote:
> > There are also two different opinions on this:
> >
> > 1. Perform htmlentities() prior to storage.
> > 2. Perform htmlentities() prior to display.
> >
> > The first can be better if you must display data in HTML very often.
> > Rather than perform htmlentities() every time, you can just pull
> > straight from the database.
>
> FWIW, I believe data should be "display-agnostic" for want
> of a better term. Keeping it "raw" is, in my opinion, the
> way to handle stored data.

Yes, and this is why some people argue for case 2. However, believe me
when I tell you that once you are having to fetch and display this data
millions of times a day, you might find yourself being a bit more
open-minded. :-)

I think it's best to choose whichever approach is appropriate for the
situation.

Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security Handbook
Coming mid-2004
HTTP Developer's Handbook
http://httphandbook.org/
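
An added example, not part of the original post or the list discussion: the two options from the thread side by side in PHP, with an array standing in for the database table. The function names and the sample comment are constructed for illustration; the last lines show what option 1 costs when the stored value is escaped a second time or is needed outside HTML.

```php
<?php
// Hypothetical helpers; an array stands in for the database table.

function escape_html(string $s): string
{
    // ENT_QUOTES also encodes single quotes, so the result is safe in attributes.
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// Option 1: escape once at write time, print the stored value unchanged.
function store_escaped(array &$table, string $raw): void
{
    $table[] = escape_html($raw);
}

function render_prestored(array $table): string
{
    return implode("\n", array_map(fn($v) => "<p>$v</p>", $table));
}

// Option 2: store the raw value, escape on every display.
function store_raw(array &$table, string $raw): void
{
    $table[] = $raw;
}

function render_raw(array $table): string
{
    return implode("\n", array_map(fn($v) => '<p>' . escape_html($v) . '</p>', $table));
}

// A non-HTML consumer (for example a plain-text mail body) needs the raw value back.
function as_plain_text(string $stored, bool $storedEscaped): string
{
    return $storedEscaped ? html_entity_decode($stored, ENT_QUOTES, 'UTF-8') : $stored;
}

$comment = 'R&D <b>team</b> says "hi"';   // constructed sample input
$escapedTable = [];
$rawTable = [];
store_escaped($escapedTable, $comment);
store_raw($rawTable, $comment);

// Both options send the same HTML to the browser.
var_dump(render_prestored($escapedTable) === render_raw($rawTable));

// Option 1 caveats: a second escape double-encodes (&amp;amp;lt;b&amp;amp;gt; ...),
// and any non-HTML use has to decode the stored value first.
echo escape_html($escapedTable[0]), "\n";
var_dump(as_plain_text($escapedTable[0], true) === $comment);
```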