I use MySQL to store data and my web pages are all encoded as UTF-8. I have a lot of Portuguese characters such as ç
and õ
and I'm wondering if I should HTML-escape them before storage.
Should we store &
as &
, for example? And why (not)? What are the advantages and disadvantages / best practices?
Don't HTML-encode your characters before storage. You should store as pure a form of your data as possible. HTML encoding is needed because you are going to display the data on an HTML page, so do the encoding during the processing of the data to create the page. For example, suppose you decide you're also going to send the data in plain text emails. If you've HTML-encoded the data, now the HTML encoding is a barrier that you have to undo.
Choose a canonical form for your data, and store that. UTF-8 is wonderful, and your database supports it (assuming you've created all your tables properly). Just store UTF-8.