storing email text based templates as base64_encode and storing in database

PHA+SGV5IChuYW1lKTwvcD4NCg0KDQoNCg0KPHA+VGhhbmsgeW91IGZvciB1c2luZyA8c3Ryb25nPjx1PmNvbXBhbnkmbmJzcDs8L3U+PC9zdHJvbmc+ZGVtbywgd2UgaG9wZSB5b3UgZm91bmQgaXQgd29ydGggd2hpbGUsIGlmIHlvdSB3b3VsZCBsaWtlIGZ1dGhlciBpbmZvbWF0aW9uIHBsZWFzZSBjb250YWN0IHVzPC9wPg0KDQoNCg0KDQo8cD5yZWdhcmRzIHRlc3QgdXNlcjwvcD4NCg0K

base64_encode

So I am creating a basic form to allow users to create text-based email templates. It does include files and images, but only in the format of links which direct the user to the file, so it still is text.

I need to store this in a database, which I have done. I am wondering, is this the best practice? I am using CKEDITOR too.

Or is there a better way?
Alex Lord Asked:
lenamtl Commented:
This sounds OK to me.

I'm doing something similar to this, but using TinyMCE and raw output using the template option that can be embedded inside the text editor.
https://www.tiny.cloud/docs/plugins/template/#templates

In my case I'm creating some ready-to-use templates for the user, so the user only needs to select the appropriate template from a list.
Those templates are html/php files loaded inside the editor, so nothing is saved in the DB.
David Favor, Linux/LXD/WordPress/Hosting Savant, Commented:
I'm guessing you're using base64 to save a little space.

You can accomplish the same space saving by just using row compression, which will leave your data in human-readable form.

And as lenamtl said, what you're doing will work too.

My preference is to use row compression, so data can be pulled out + used, without doing a base64 decrypt first.
gr8gonzo, Consultant, Commented:
Base64 does not save space. Base64 actually wastes space - it increases overall usage by about 33% on average.

I would suggest not using Base64 at all. The whole point of Base64 encoding is to store binary data using printable characters (which is why it takes up more space - you're trying to fit 256 possible values from one byte into multiple bytes that only have 64 possible values each). It's the equivalent of being asked what your favorite color is and being given the choices of "blue", "green", and "red" - but your favorite color is "cyan", so you pick blue AND green (you've picked multiple colors that, when together, make the original one color).

You can still store it in the database, but either use escaping on the value or use a prepared statement / query to insert the value so you're not opening yourself up to SQL injection.

I'd also HEAVILY caution against any sort of cross-user template usage (e.g. user A creates a template and user B can see it). This is just begging to be abused by a malicious user who injects malicious code into a template. Just because the code can be inserted without SQL injection doesn't mean it's safe. A malicious user could inject some JavaScript (e.g. in a <script> tag or an event handler like a click or mousemove), and have it redirect a good user to a bad or malicious site or open them up to XSS (e.g. dump cookies to a remote site and allow session hijacking).

You need to be VERY thorough in validating any input from users. Remember that malicious users don't have to play by the rules. It's easy to bypass any client-side validation and restrictions and simply upload whatever data you want, so you need to actually check the results before allowing them to be used.
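
Added example (not code from any poster in this thread): one way to combine the points above in PHP, storing the editor's HTML as readable text through a prepared statement, filtering it server-side against a tag and attribute allowlist, and scoping reads to the template's owner. The table `email_templates`, the function names, the allowlist and the in-memory SQLite database are assumptions for illustration; in production a maintained sanitizer such as HTML Purifier would normally replace the hand-written filter.

```php
<?php
// Hypothetical names throughout (table email_templates, allowlist below); adapt to your schema.
const ALLOWED_TAGS = ['p', 'br', 'strong', 'em', 'u', 'ul', 'ol', 'li', 'a'];

// Allowlist filter: any other element is dropped together with its content, and every
// attribute is removed except an http(s)/mailto href on <a>.
function sanitizeTemplateHtml(string $html): string
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // The prolog forces UTF-8; the wrapper <div> lets us serialize only our fragment.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    $root = $doc->getElementsByTagName('div')->item(0);
    foreach (iterator_to_array((new DOMXPath($doc))->query('.//*', $root)) as $el) {
        if (!in_array($el->nodeName, ALLOWED_TAGS, true)) {
            $el->parentNode->removeChild($el);
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            $safeLink = $el->nodeName === 'a' && $attr->nodeName === 'href'
                && preg_match('#^(https?://|mailto:)#i', trim($attr->value)) === 1;
            if (!$safeLink) {
                $el->removeAttribute($attr->nodeName);
            }
        }
    }
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($root->childNodes)));
}

function saveTemplate(PDO $db, int $ownerId, string $name, string $html): void
{
    // Prepared statement: the HTML is bound as data and stored readable, with no base64.
    $db->prepare('INSERT INTO email_templates (owner_id, name, body_html) VALUES (?, ?, ?)')
       ->execute([$ownerId, $name, sanitizeTemplateHtml($html)]);
}

function loadTemplate(PDO $db, int $ownerId, string $name): ?string
{
    // Scoped to the owner, so one user's template is never served to another user.
    $stmt = $db->prepare('SELECT body_html FROM email_templates WHERE owner_id = ? AND name = ?');
    $stmt->execute([$ownerId, $name]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE email_templates (owner_id INTEGER, name TEXT, body_html TEXT)');
// Constructed sample input: editor markup with a script tag and an event handler added.
saveTemplate($db, 1, 'demo', '<p onclick="x()">Hey (name)</p><script>x()</script><p>regards <a href="javascript:x()">us</a></p>');
var_dump(loadTemplate($db, 1, 'demo'), loadTemplate($db, 2, 'demo'));
```

The stored body for owner 1 keeps the paragraphs and link text but loses the script element, the `onclick` attribute and the `javascript:` href, and the lookup for owner 2 returns null.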