Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

When to use htmlentities:  validating input?  or when echoing out to browser?

Posted on 2010-11-29
2
Medium Priority
?
374 Views
Last Modified: 2013-12-12
At first I thought htmlentities and htmlspecialchars was just to be used when echoing a value to the browser and not to be used to validate input data from a user. So that is where I put the htmlentities, for example.

echo htmlentities($title, ENT_QUOTES);

In my case I am excepting values from a user and inputting these values into a database. These database values will eventually be echoed back out to a browser. What if I use htmlentities to validate the users input only, before it is put into the database and not use it when echoing output?

Does this provide the same protection?

Thanks.
0
Comment
Question by:kadin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 27

Accepted Solution

by:
Cornelia Yoder earned 1000 total points
ID: 34236256
That is what I always do.  It is even BETTER protection because nothing malicious can ever get into your database in the first place.  

The cost is a few bytes extra in the database for special characters, because they are stored as &#nnn; but it's worth that to me, so that I never have to worry about it for output.
0
 

Author Comment

by:kadin
ID: 34236279
Thanks. All this is new to me, so I was not even sure if I could do this.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question