Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Support Store HTML in database
Store HTML in database
  • Offline AngelRodriguez
    Junior Member
  • **
  • Posts: 17
    Threads: 8
    Joined: Aug 2020
    Reputation: 0
#1
10-05-2020, 03:06 PM

Hi,

In my web, users can write their custom HTML and I store it in MySQL database.

Which is the best way to store this HTML? 

CI4 escape this html by default? should i use htmlspecialchars, addslashses, etc or something like that? base64 encode maybe? or it is not necessary?

Thank you.
Reply
  • Offline hobbyci
    Junior Member
  • **
  • Posts: 14
    Threads: 4
    Joined: Jul 2020
    Reputation: 0
#2
10-07-2020, 11:51 AM
(This post was last modified: 10-07-2020, 11:56 AM by hobbyci.)

I would allow specific BBC-Tags. Not pure HTML.
Than you can convert the tags to the corresponding HTML tag.

First rule for security: Never trust user input

Edit: If you really want storing HTML in your database, then take a look at http://htmlpurifier.org/
Reply




Theme © iAndrew 2016 - Forum software by © MyBB