+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: Store HTML in database (/showthread.php?tid=77691)
Store HTML in database - AngelRodriguez - 10-05-2020
Hi,
In my web, users can write their custom HTML and I store it in MySQL database.
Which is the best way to store this HTML?
CI4 escape this html by default? should i use htmlspecialchars, addslashses, etc or something like that? base64 encode maybe? or it is not necessary?
Thank you.
RE: Store HTML in database - hobbyci - 10-07-2020
I would allow specific BBC-Tags. Not pure HTML.
Than you can convert the tags to the corresponding HTML tag.
First rule for security: Never trust user input
Edit: If you really want storing HTML in your database, then take a look at http://htmlpurifier.org/