Mar 18, 2009, 00:40 #1
What is the best method to store and retrieve the data in mysql?
I want to clarify the best method to store and retrieve the data (STRING or TEXT) in mysql. I know some of the methods ...
2) htmlentities(TEXT) - store
htmlentities_decode(TEXT) - retrieve
3) urlencode(TEXT) - store
Are there any other best techniques to store and retrieve? Let me know your suggestions.
Mar 18, 2009, 07:16 #2
Use prepared statements. I recommend PDO.
Mar 18, 2009, 07:49 #3
You seem a little mixed up there, good job you asked.
The mantra is filter input, escape output.
1 mysql_real_escape_string() or, as pointed out, use prepared statements - this makes sure nothing nasty leaks into your SQL statement to corrupt/control your database (e.g. SQL injection attacks).
2 htmlentities or htmlspecialchars to escape the output when you get it out, to make sure nothing in the database (or wherever) can do something harmful to viewers of the HTML (e.g. XSS attacks).
3 urlencode and urldecode are to do with making/converting legal URL string segments and have nothing to do with databases.
FIEO - filter input, escape output
Medium version (slides)
Last edited by Cups; Mar 18, 2009 at 07:58. Reason: altered the link for the medium one and added tag 'FIEO'