Hello.

Is it safe to store XHTML code in a database?

What I usually do is store XHTML in the database and then just use htmlspecialchars() when outputting it on the website.

Is that a safe practise or are there any security risks?