when to use htmlspecialchars() function?

php htmlspecialchars
khr2003 picture khr2003 · Feb 3, 2011 · Viewed 15.1k times · Source

Hi I was wondering when is the appropriate place to use htmlspecialchars(). Is it before inserting data to database or when retrieving them from the database?

Answer

SLaks picture SLaks · Feb 3, 2011

You should only call this method when echoing the data into HTML.

Don't store escaped HTML in your database; it will just make queries more annoying.
The database should store your actual data, not its HTML representation.

Related questions

How to display special characters in PHP

I've seen this asked several times, but not with a good resolution. I have the following string: $string = "<p>Résumé</p>"; I want to print or echo the string, but the output will return <…

Read More
json with special characters like é

I'm developing a dependent select script using jQuery, PHP and JSON as the response. Everything goes well except for using special characters like French ones (é , è , à...) if I pre-encode them like (&eacute; , &egrave; , &agrave;) (Here I'm using spaces …

Read More
htmlspecialchars(): Invalid multibyte sequence in argument

I am getting this error in my local site. Warning (2): htmlspecialchars(): Invalid multibyte sequence in argument in [/var/www/html/cake/basics.php, line 207] Does anyone knows, what is the problem or what should be the solution for this? Thanks.

Read More