I have a text area plugged in with tinyMCE which will contain HTML code that I wish to save into the database.
I want to save that html code right as it is, to be able to print it anytime, and even to be able to write it down to a file (using fopen("filename","w"); )
Since I'm setting up the table I will be using, I do not know which type of column I should assign to this HTML text in my database.
Should I:

- addslashes/stripslashes when I save/stamp the HTML text?
- htmlencodechars/decodechars?

Use HTMLPurifier to strip any malicious XSS code from the HTML. TinyMCE tries to do this but it can be bypassed by posting directly to your script.
When storing the data, use a parameterised query/prepared statement instead of escaping, to prevent SQL Injection. PDO or MySQLi can do that. This is a good PDO tutorial, especially if you're coming from the native mysql_* library.
As for the datatype, any string type is fine, it depends on how long your content could be.
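An added example (not from the question or the answer) of the two points above in PHP: the posted HTML is cleaned with HTMLPurifier on the server, where a direct POST cannot skip it, and stored with a PDO prepared statement rather than `addslashes`. The table `pages`, its `MEDIUMTEXT` column, the allowed-tag list and the DSN/credentials are assumptions.

```php
<?php
// Added example, not the question's or answer's own code.
// Assumes HTMLPurifier is installed via Composer and this (assumed) table:
//   CREATE TABLE pages (id INT AUTO_INCREMENT PRIMARY KEY,
//                       title VARCHAR(255) NOT NULL,
//                       body MEDIUMTEXT NOT NULL);
require 'vendor/autoload.php';

function purifyHtml(string $dirty): string
{
    $config = HTMLPurifier_Config::createDefault();
    // Whitelist: only these elements/attributes survive. Anything else
    // (script, event handlers, javascript: URLs) is dropped on the server,
    // regardless of what TinyMCE did in the browser.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,h2,h3,a[href]');
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    $config->set('Cache.SerializerPath', sys_get_temp_dir());
    return (new HTMLPurifier($config))->purify($dirty);
}

function savePage(PDO $db, string $title, string $dirtyHtml): int
{
    $clean = purifyHtml($dirtyHtml);
    // Parameterised statement: the HTML travels as a bound value, never
    // spliced into the SQL string, so quotes and backslashes need no escaping.
    $stmt = $db->prepare('INSERT INTO pages (title, body) VALUES (:title, :body)');
    $stmt->execute([':title' => $title, ':body' => $clean]);
    return (int) $db->lastInsertId();
}

// Placeholder DSN and credentials.
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);

$id = savePage($db, $_POST['title'] ?? '', $_POST['body'] ?? '');

// Later the stored HTML is read back and written to a file verbatim;
// it was cleaned once on the way in, so it can be printed as-is.
$stmt = $db->prepare('SELECT body FROM pages WHERE id = :id');
$stmt->execute([':id' => $id]);
file_put_contents("page-$id.html", $stmt->fetchColumn());
```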