Store HTML in database |
Hi,
In my web, users can write their custom HTML and I store it in MySQL database. Which is the best way to store this HTML? CI4 escape this html by default? should i use htmlspecialchars, addslashses, etc or something like that? base64 encode maybe? or it is not necessary? Thank you.
I would allow specific BBC-Tags. Not pure HTML.
Than you can convert the tags to the corresponding HTML tag. First rule for security: Never trust user input Edit: If you really want storing HTML in your database, then take a look at http://htmlpurifier.org/ |
Welcome Guest, Not a member yet? Register Sign In |