Does html_entity_decode harm my web site?

Hi guys,

I’m just curious. I’ve recorded user input content into the database using htmlentities() to prevent harmful scripts. But is it safe if I retrieve the record using the html_entity_decode() function?

I just don’t want my website to look like an alien for the user.

Thanks

htmlentities is only useful when outputting data into a text page. All it does if you run it on the input to a database is make the data bigger to store and make it necessary to convert it back if you are going to use it anywhere other than in a web page. It is as effective as feeding your car breakfast cereal every morning to make sure it doesn’t get hungry on the way to work.

The validation you do on the input fields is what prevents harmful scripts. Not anything you do with an output function - particularly one that is being used in the wrong place.

Thanks Stephen, but I do not understand what that means. I assume it’s safe though.
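The two approaches discussed in this thread, side by side, as an added PHP example that is not code from any poster. It assumes the PDO SQLite driver is installed; the `comments` table, the `e()` helper and the sample input are constructed for illustration.

```php
<?php
// Constructed sample input: a comment containing markup a browser would run.
$input = 'Nice post <script>alert(1)</script> & thanks';

// --- Pattern from the question: encode on the way in, decode on the way out.
$storedEncoded = htmlentities($input, ENT_QUOTES, 'UTF-8');
$decoded       = html_entity_decode($storedEncoded, ENT_QUOTES, 'UTF-8');

// html_entity_decode() reverses htmlentities(), so $decoded is the original
// string again. Echoing it into a page sends the <script> tag to the browser.
var_dump($decoded === $input);

// --- Pattern from the answer: store the raw value, encode only when printing.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// A bound parameter keeps the value out of the SQL text; no HTML encoding here.
$stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

$raw = $db->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();

// Hypothetical helper: escape for an HTML text or quoted-attribute context.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The browser displays the comment as typed and runs nothing.
echo '<p>' . e($raw) . "</p>\n";

// Escaping the already-encoded copy double-encodes it: the visitor sees
// literal "&lt;script&gt;" and "&amp;" text instead of the characters typed.
echo '<p>' . e($storedEncoded) . "</p>\n";

// The raw stored value is also usable outside HTML without any decoding step.
echo json_encode(['body' => $raw]), "\n";
```

Run it with `php example.php` and compare the two `<p>` lines: the first is what a page should emit, the second is the garbled display that encoding before storage leads to once output escaping is applied.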