Reply to Re: Strategy for securing MySQL PHP application - please comment

Posted by Jerry Stuckle on 07/05/06 10:33

Harold Crump wrote:
>>>What's the issue with storing the &quote in the database?
>>
>>What if you want to use the data for other than displaying on the web? For instance, another
>>(non-web) application is going to print information from the database? It might even be a C/C++
>>application, for instance.
>
>
> Point taken.
> This application, however, is web-only.
> I don't anticipate any non-web consumer for this data.
> If that does indeed come to pass, I figure it will be easy enough to
> write a script that HTML decodes everything and saves it back into the
> database with escaped characters - no?
>

First of all, you need to separate the data from the application. You
may very well have multiple applications using the same data.

And *right now* this is a web application. But does that mean it always
will be?

You should always separate your data from the presentation of the data.
&quote is part of the presentation, and should be converted after the
data is retrieved from the database, not before it's inserted.

>
>>>Why bother with mysql_real_escape_string and all its inherent issues if
>>>we can completely eliminate quotes from making their way into the SQL
>>>statement?
>>>
>>
>>Because mysql_real_escape takes the current charset into account when performing its operations.
>
>
> So does htmlentities()
>

And no, htmlentities() does not take the current character set into
account. It only converts specific characters in the Western European
character set to HTML entities.

mysql_real_escape, OTOH, looks at the current charset used by the
connection and converts data in the string to input which is compatible
with mysql. A completely different function, for a completely different
purpose.

Two functions, two uses. Don't get them mixed up!

>
>>>What am I missing?
>>>
>>
>>The fact that not everything in the world is html based?
>
>
> No?
> You mean you don't dream in HTML?
> Where're you from? :p
>
> -Harold.
>


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
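As an added illustration of the "two functions, two uses" point above (example code, not from the original thread or either poster), this stores the raw text with SQL escaping only and applies HTML encoding at display time; it assumes a mysqli connection `$db`, a `comments` table with `id` and `body` columns, and uses mysqli_real_escape_string() as the mysqli counterpart of the mysql_real_escape_string() being discussed:

```php
<?php
// Added example, not from the original thread. Assumes a mysqli connection
// $db to a table created as:
//   CREATE TABLE comments (id INT AUTO_INCREMENT PRIMARY KEY, body TEXT)

// Storage layer: escape for the *SQL* destination only, never for HTML.
function save_comment(mysqli $db, string $body): int {
    // Honours the connection's character set (see mysqli_set_charset below).
    $escaped = mysqli_real_escape_string($db, $body);
    $sql = "INSERT INTO comments (body) VALUES ('$escaped')";
    if (!mysqli_query($db, $sql)) {
        throw new RuntimeException(mysqli_error($db));
    }
    return (int) mysqli_insert_id($db);
}

// Retrieval: hand back the text exactly as the user typed it.
function load_comment(mysqli $db, int $id): ?string {
    $stmt = mysqli_prepare($db, "SELECT body FROM comments WHERE id = ?");
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $body);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? $body : null;
}

// Web presentation layer: entities are produced here, at output time.
function render_comment_html(string $body): string {
    return '<p>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

// A second, non-web consumer (the CLI / C++ case raised in the thread) needs
// no decoding step, because nothing HTML-specific was ever stored.
function render_comment_plain(string $body): string {
    return $body . PHP_EOL;
}

$db = mysqli_connect('localhost', 'user', 'pass', 'app'); // placeholder credentials
mysqli_set_charset($db, 'utf8mb4');                        // escaping must match this charset
$id   = save_comment($db, 'He said "it\'s <b>fine</b>" & left');
$body = load_comment($db, $id);
echo render_comment_html($body);   // &quot; and &lt;b&gt; appear only in this output
echo render_comment_plain($body);  // original quotes and angle brackets intact
```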
