For my web application, if I want to make sure the user data is not harmful, which approach is generally preferred: should I encode all the data saved in the database, html encode everything from the database that I show on the page or both?
-
I heard people saying that once you sanitize your data to prevent sql injection, you should save it into the database as is and only deal with escaping it when you present it to the user. How valid is this statement?
-
Answer:
To prevent SQL injection, properly escape data that you include in SQL statements, ideally using a prepared statement interface that does this for you. Note that this layer of encoding is aimed to make the data safe for the SQL parser and adds no escaping to the stored data itself. You would normally HTML encode data from the database when presented to the user, to prevent "markup injection". Storing HTML encoded data might be justifiable depending on your application.
Toby Thain at Quora Visit the source
Related Q & A:
- I want to make a video from "Windows Movie Maker.Best solution by Yahoo! Answers
- I want to cook Pho but I am not sure if I should add Fred Phelps or Glenn Beck to season it.Best solution by answers.yahoo.com
- I want to become a dental nurse but not sure how to?Best solution by nationalcareersservice.direct.gov.uk
- I want to make a longboard, what type of wood should I make it out of.Best solution by Yahoo! Answers
- I want to make a free slide show.Best solution by Yahoo! Answers
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.