Krewe Posted February 24, 2012 Share Posted February 24, 2012 Hey Guys, I am making a behind the scenes CMS for staff right now and I was wondering a few things.With some of the posts and updates to the sites the make they might need to make words links.I've read in different places that putting html in a database is bad, so how do I do what I want to do?Also would adding a bold word, underline, etc. be the same? Thanks!Krewe Link to comment Share on other sites More sharing options...
justsomeguy Posted February 24, 2012 Share Posted February 24, 2012 Why is putting HTML in a database bad? Link to comment Share on other sites More sharing options...
Krewe Posted February 24, 2012 Author Share Posted February 24, 2012 Why is putting HTML in a database bad? Truthfully I don't understand why it would be.The places I read it from and heard it from say it could cause problems when you try and take it out.Is there no problem then? Edit: I trust this place more than I trust others Link to comment Share on other sites More sharing options...
justsomeguy Posted February 24, 2012 Share Posted February 24, 2012 There are issues with taking user input, storing it in a database, and displaying it on a page, but the point is to look into those specific issues, why they are problems, and what the solutions are instead of memorizing absolutes like "HTML is bad". Look into XSS injections, or cross-site scripting. Unfiltered HTML could also include malicious code to embed malware if it isn't sanitized correctly. You may want to look into HTMLPurifier. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.