
Saving And Displaying HTML And Special Characters In A MySQL Database Safely?

The title basically sums it up. I built a small blog but I can't even post links in my articles! What can I do? I've tried htmlentities(), htmlspecialchars(), real_escape_string() a

Solution 1:

While encoding characters is a good thing, one must make sure not to over-encode.

Only encode what /needs/ encoded at that time. Don't encode the HTML before putting it into your database. You may want to print things out later, or you may want to run searches against it. Use the proper escape sequences for SQL (or, better yet, use PDO).

Only when you are sending things to the browser should you escape the HTML, and then you need to decide what kind of escaping you need. To convert things like < and & to character entities so they will display properly, use the right escape method for that.
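The split described in this answer, as an added example that is not part of the original post: raw text goes into the database through a PDO bound parameter, and HTML escaping happens only at output. The `articles` table, the `h()` helper and the sample text are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline (only the DSN differs).

```php
<?php
// Added example: table name, helper name and sample data are constructed.
// In-memory SQLite stands in for MySQL; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, body TEXT)');

// HTML escaping, applied only when text is sent to the browser.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input: an apostrophe (breaks naive SQL), a link, an ampersand.
$raw = "Tom's notes: see <a href=\"https://example.com/?a=1&b=2\">R&D</a>";

// Row 1: store the text exactly as typed. The bound parameter takes care
// of SQL quoting, so no manual SQL or HTML escaping is needed here.
$insert = $pdo->prepare('INSERT INTO articles (body) VALUES (:body)');
$insert->execute([':body' => $raw]);

// Row 2: the over-encoded variant, HTML-escaped before storage.
$insert->execute([':body' => h($raw)]);

// Searching only finds the raw row: the stored text of row 2 now
// contains "R&amp;D", not "R&D".
$find = $pdo->prepare('SELECT id FROM articles WHERE body LIKE :q');
$find->execute([':q' => '%R&D%']);
echo 'Rows matching "R&D": ', implode(',', $find->fetchAll(PDO::FETCH_COLUMN)), "\n";

// Output: escape once, here. Row 1 renders as the text the author typed;
// row 2 is escaped a second time, so the browser would show literal
// entities such as "&lt;a href=..." instead of the original characters.
foreach ($pdo->query('SELECT id, body FROM articles ORDER BY id') as $row) {
    echo "Row {$row['id']}: ", h($row['body']), "\n";
}
```

Passing stored text through `h()` displays the markup as text rather than as a clickable link, which is the "decide what kind of escaping you need" step in the answer.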
