Solved

When to use htmlentities:  validating input?  or when echoing out to browser?

Posted on 2010-11-29
2
357 Views
Last Modified: 2013-12-12
At first I thought htmlentities and htmlspecialchars was just to be used when echoing a value to the browser and not to be used to validate input data from a user. So that is where I put the htmlentities, for example.

echo htmlentities($title, ENT_QUOTES);

In my case I am excepting values from a user and inputting these values into a database. These database values will eventually be echoed back out to a browser. What if I use htmlentities to validate the users input only, before it is put into the database and not use it when echoing output?

Does this provide the same protection?

Thanks.
0
Comment
Question by:kadin
2 Comments
 
LVL 27

Accepted Solution

by:
yodercm earned 250 total points
ID: 34236256
That is what I always do.  It is even BETTER protection because nothing malicious can ever get into your database in the first place.  

The cost is a few bytes extra in the database for special characters, because they are stored as &#nnn; but it's worth that to me, so that I never have to worry about it for output.
0
 

Author Comment

by:kadin
ID: 34236279
Thanks. All this is new to me, so I was not even sure if I could do this.
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question