
Best way to store articles in a database? (php and sql)

I want to store articles in a database, but I cannot seem to find much information on the best way to do this. From what I have read, opinion seems split among most people on how to do this effectively. A lot of people will suggest a way and others will point out SQL injection issues, and I cannot seem to find much about this topic that is fairly new.

Here is the HTML of an article:

    <div id="main">

        <article>

            <header>
                <h3> Title </h3>
                <time pubdate="pubdate"> 2011-07-22 </time>
            </header>

            <p> Article Text </p>

        </article>

    </div>

Ideally, I guess it would be best to store the chunk of HTML making up each article in a database, but there seem to be a lot of problems with this. Like I said, I can't find many posts on this particular topic, and as someone new to PHP and databases I want to get some input on the best way to go about this before I proceed.

valon asked Jul 23 '11 01:07


People also ask

How are database articles stored?

The TEXT, BIGTEXT, LONGTEXT and other data type fields were created in order to store large amounts of text (64 Kbytes to 4 Gbytes depending on the RDBMS). They just create a binary pointer to locate the text in the database and it is not stored directly in the table.

How do I store media files in SQL?

Store them as external files. Then save the path in a varchar field. Putting large binary blobs into a relational database is generally very inefficient - they only use up space and slow things down as caches are filled are unusable. And there's nothing to be gained - the blobs themselves cannot be searched.

Is it safe to store HTML in database?

Like others have pointed out there's nothing dangerous about storing HTML in the DB. But when you display it you need to know the HTML is safe.


1 Answer

Whenever I store a large amount of user text, I just base64 it. Before you display it, make sure to run it through htmlspecialchars; this will keep HTML from working, so htmlspecialchars(base64_decode($content)) would work fine for displaying.
If you are using bbcode for formatting, then make sure to run htmlspecialchars before you start formatting your bbcode.

This isn't the only way; you can sanitize inputs without base64'ing it, but I see no reason not to, especially when nobody needs to see directly into the database.

Ben answered Sep 27 '22 19:09
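
An added example, not part of the original question or answer: it stores the article fields with PDO prepared statements, which addresses the SQL injection concern raised in the question, and escapes them with htmlspecialchars at display time, as the answer describes. The in-memory SQLite database, the table layout and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: an in-memory SQLite database via PDO so the example runs offline;
// the same prepare/execute calls work with the pdo_mysql driver.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical schema: title, date and body in separate columns, not one HTML chunk.
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY,
    title TEXT NOT NULL, published TEXT NOT NULL, body TEXT NOT NULL)');

function saveArticle(PDO $pdo, string $title, string $published, string $body): int
{
    // Placeholders keep the values out of the SQL text, so quotes in the
    // article cannot change the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO articles (title, published, body) VALUES (:title, :published, :body)'
    );
    $stmt->execute([':title' => $title, ':published' => $published, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function renderArticle(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT title, published, body FROM articles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    // Escape at output time; ENT_QUOTES also covers the attribute value.
    $e = static fn (string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<article>\n"
        . "  <header>\n"
        . '    <h3>' . $e($row['title']) . "</h3>\n"
        . '    <time datetime="' . $e($row['published']) . '">' . $e($row['published']) . "</time>\n"
        . "  </header>\n"
        . '  <p>' . nl2br($e($row['body'])) . "</p>\n"
        . "</article>\n";
}

// Constructed sample input containing a quote and markup.
$id = saveArticle($pdo, "Bob's <b>Title</b>", '2011-07-22', "Line one\n<script>alert(1)</script>");
echo renderArticle($pdo, $id);
```

The stored row holds the text exactly as submitted; the markup in the sample only becomes inert when renderArticle() escapes it, so every output path needs the same escaping.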