<div>
Do not store the converted values in the database. &nbsp;Store the originals.<br />
<br />
Use these functions whenever your script creates output from user input. &nbsp;Typically this would be in the View component of the MVC design pattern. &nbsp;The idea is to make stray and unwanted HTML and JavaScript into something that is safe for the client browsers. &nbsp;If you do not do this, the client browser will run JavaScript when you send the JavaScript, and that may include doing some rather nasty things to the clients.
</div>


Do not store the converted values in the database.  Store the originals.

Use these functions whenever your script creates output from user input.  Typically this would be in the View component of the MVC design pattern.  The idea is to make stray and unwanted HTML and JavaScript into something that is safe for the client browsers.  If you do not do this, the client browser will run JavaScript when you send the JavaScript, and that may include doing some rather nasty things to the clients.

<div>
Hi experts, <br />
<br />
If I don't store the converted value into database, what can I do to prevent a sql injection? I am trying to convert characters in away that can be safely stored into database with sql injection prevention. Thanks.
</div>


Hi experts,

If I don't store the converted value into database, what can I do to prevent a sql injection? I am trying to convert characters in away that can be safely stored into database with sql injection prevention. Thanks.

<div>
<div class="content wysiwyg-content">
Dear experts,<br />
<br />
I know what htmlentites and htmlspecialchars do as in converting &lt;, &gt;, &amp;, etc... into &amp;lt, &amp;gt etc..<br />
<br />
I wish to know when to use these functions and shall I store conveted values such as &amp;lt, &amp;gt etc. into database?<br />
<br />
Thanks
</div>
</div>


Dear experts,

I know what htmlentites and htmlspecialchars do as in converting <, >, &, etc... into &lt, &gt etc..

I wish to know when to use these functions and shall I store conveted values such as &lt, &gt etc. into database?

Thanks

Why and when to use htmlentities and htmlspecialchars

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.

HTML (HyperText Markup Language) is the main markup language for creating web pages and other information to be displayed in a web browser, providing both the structure and content for what is sent from a web server through the use of tags. The current implementation of the HTML specification is HTML5.

HTML

Web applications are systems that run in browsers that perform functions normally associated with other client-based programs. One of the most commonly used web applications is email; instead of downloading individual emails to a local machine, the data is shown through a website. Other examples of web applications are collaborative systems like a wiki or an online game.