[RESOLVED] Best way to store html text in DB

rtcary

I have an HTML editor on a PHP page (CKeditor) and I want to store the text into a MySQL field (Type: text).

Are there security risk?

If there are security risks, what is the best way to minimize then?

Todd

dagon

the only thing you need to do id run mysql_real_escape_string on the var before putting it in to the db

Krik

The security risk is in who is submitting the data. If it is just any old user that comes along then yes. In which case you will want all special characters converted to their ISO character or numeric entity (< to < ).

But if your just dealing with a very limited number of people entering data, that you know you can trust, then the security precautions will not need to be as stringent.