Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

When to use htmlentities:  validating input?  or when echoing out to browser?

Posted on 2010-11-29
2
Medium Priority
?
377 Views
Last Modified: 2013-12-12
At first I thought htmlentities and htmlspecialchars was just to be used when echoing a value to the browser and not to be used to validate input data from a user. So that is where I put the htmlentities, for example.

echo htmlentities($title, ENT_QUOTES);

In my case I am excepting values from a user and inputting these values into a database. These database values will eventually be echoed back out to a browser. What if I use htmlentities to validate the users input only, before it is put into the database and not use it when echoing output?

Does this provide the same protection?

Thanks.
0
Comment
Question by:kadin
2 Comments
 
LVL 27

Accepted Solution

by:
Cornelia Yoder earned 1000 total points
ID: 34236256
That is what I always do.  It is even BETTER protection because nothing malicious can ever get into your database in the first place.  

The cost is a few bytes extra in the database for special characters, because they are stored as &#nnn; but it's worth that to me, so that I never have to worry about it for output.
0
 

Author Comment

by:kadin
ID: 34236279
Thanks. All this is new to me, so I was not even sure if I could do this.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question