CodeIgniter Forums
Store HTML in database - Printable Version




Store HTML in database - AngelRodriguez - 10-05-2020

Hi,

On my website, users can write their custom HTML and I store it in a MySQL database.

Which is the best way to store this HTML?

Does CI4 escape this HTML by default? Should I use htmlspecialchars, addslashes, etc. or something like that? Base64 encode maybe? Or is it not necessary?

Thank you.


RE: Store HTML in database - hobbyci - 10-07-2020

I would allow specific BBC-Tags. Not pure HTML.
Then you can convert the tags to the corresponding HTML tags.

First rule for security: Never trust user input

Edit: If you really want to store HTML in your database, then take a look at http://htmlpurifier.org/
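
Added example, not part of either post and not code from CodeIgniter or HTML Purifier: a PHP version of the allowlist approach hobbyci describes, where all user markup is escaped first and only a fixed set of BBCode tags is converted to HTML. The function name `bbcode_to_html`, the chosen tag set and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Convert an allowlist of BBCode tags to HTML (hypothetical helper).
 * The input is HTML-escaped first, so the only markup that reaches the
 * page is markup this function emits itself.
 */
function bbcode_to_html(string $input): string
{
    // 1. Neutralise every user-supplied tag and quote character.
    $html = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Paired tags map one-to-one onto fixed HTML elements, no attributes.
    foreach (['b' => 'strong', 'i' => 'em', 'u' => 'u'] as $bb => $tag) {
        $html = preg_replace(
            '#\[' . $bb . '\](.*?)\[/' . $bb . '\]#is',
            "<$tag>\$1</$tag>",
            $html
        ) ?? $html; // keep the escaped text if PCRE reports an error
    }

    // 3. Links: only absolute http(s) URLs become anchors. Anything else
    //    (javascript:, data:, relative paths) is left as escaped text.
    $html = preg_replace_callback(
        '#\[url=([^\]\s]+)\](.*?)\[/url\]#is',
        static function (array $m): string {
            // $m[1] is already escaped, so it is safe inside the attribute.
            if (preg_match('#^https?://\S+\z#i', $m[1]) !== 1) {
                return $m[0];
            }
            return '<a href="' . $m[1] . '" rel="nofollow noopener noreferrer">'
                 . $m[2] . '</a>';
        },
        $html
    ) ?? $html;

    // 4. Preserve the line breaks the user typed.
    return nl2br($html);
}

// Constructed sample input (not taken from the thread).
$sample = "[b]Hello[/b] <script>alert(1)</script>\n"
        . "[url=https://example.com/?a=1&b=2]site[/url] "
        . "[url=javascript:alert(1)]bad[/url]";

echo bbcode_to_html($sample), PHP_EOL;
```

Misnested tags such as `[b][i]x[/b][/i]` come out as misnested HTML; that is a markup-validity issue, not an injection path, because no user-controlled tag or attribute is ever emitted.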