[nycphp-talk] Form field length vs. Database field length
David Sklar
sklar at sklar.com
Mon Dec 22 14:39:53 EST 2003
>> That is to say, only call htmlspecialchars() when you're about to
>> display the data, rather than before storing it.
>
> That is probably what we will end up doing, but I don't like it. I
> would rather only mess with the data when it is submitted but it
> doesn't seem like that is going to be possible.
Hans's suggesting is definitely the way to go. You should store data in the
database in as unmodified a form as possible (Just like you mentioned that
you don't want to arbitrarily replace &'s with +'s in busines names).
The encoding is entirely display dependant -- when you pull data out of the
database and you need to display it safely as HTML, call htmlspecialchars().
When you pull data out of the database and you want to use it as plain text
(in an internal report or e-mail message), don't do anything to it. When you
pull data out of the database and you want to generate a CSV file, you do
the CSV encoding transformations with commas and quotes and whatnot. But in
the database, the data should not be pre-modified to accomodate any
particular display encoding scheme.
David
More information about the talk
mailing list