Is it wrong to put HTML into a database field?

Question

is it wrong to put html into a database?

for example paypal buttons...

or block text with a couple of line breaks in there?

Answer 1

I totally disagree with anyone who says it's "wrong"! However Dave Newton in the comments below makes a good case for using XML markup in preference to HTML markup.

I have a database which is full of vocab entries: there's a head word field in language A, and a "definition/explanation" field in language B, let's say English.

When writing the definition/explanation field I may want to highlight certain words and give them a SPAN like this: <SPAN lang='fr'>yeux</SPAN>*, while other words may be like this: <SPAN lang='en'>eyes</SPAN>. The text outside such spans is obviously going to be explanatory text, something like this (for French "oeil"):

<EN>eye</EN> <phonetics>...</phonetics>, irregular pl. <FR>yeux</FR> <phonetics>...</phonetics>, <EN>eyes</EN>. And some more miscellaneous free-form text perhaps with some other embedded <FR> or <EN> words...

Justification for simpler tags such as <STRONG> or <EM> might very often occur: typically meta-tags of any kind may express something meta-semantic which a user/editor may feel to be very important or essential.

The big problem comes when trying to get MySQL to perform the sort of operations you might typically want to perform on a simple text field. There are two things to say about this:

- firstly, you may want to keep a "plain text" field in parallel with the marked up one...

- secondly, in order to make comparisons between marked up fields there is a bit of a problem: you might need to "normalise" your markup before any INSERT INTOs or UPDATEs: the aim essentially being to make it so that any field which looks the same when displayed in an HTML context has exactly the same markup... In my experience, achieving this is far from trivial but not impossible. HTML Tidy may help with some of this, but I don't think it will necessarily do everything you might need to "normalise".

* Incidentally, this kind of markup may not be for purely "cosmetic" purposes: supposing you're indexing all these "definition/explanation" fields with an inverted index of the Lucene/Elasticsearch type: by tagging all the embedded French words and all English language words like this you can do inverted index type searching in a way which is completely impossible unless by some means you identify words of a certain "type" by some kind of "meta info" mechanism, XML or HTML, etc.

Answer 2

I think that in general this is to be avoided if possible. Traditionally, HTML markup on a website is either static, or part of a template; in which case it does not belong in the database. There are of course exceptions to this rule: for example, some content-management systems allow content administrators to work with basic HTML tags. I'm pretty sure HTML tags within Stack Overflow's editable content gets written into a database.

More important than rules like don't put HTML into a database is ensuring that your overall architecture is sound; and that you're allowing different components like the web server and the database to fulfill the functions that they're designed for.

Answer 3

It's not wrong (you probably don't want to index that column) but it is very wrong to allow the content to be nominated in its entirety by a normal user; you don't want a normal user to insert arbitrary javascript content! It's OK if the user has to prove that they are highly privileged in the first place (e.g., the site owner) or if you are generating the HTML from a renderer (e.g., Markdown) and storing the rendered result.

Be careful to not mix up HTML documents with HTML fragments or plain text; they're different, and you should know what you're working with at all times…

Answer 4

It not really wrong as long as you realize that HTML you put should be strictly used for the display purpose only like storing some text in the field you would like to display in a specific way there for you add some tags around it for that purpose or if you think it would be hard to maneuver the text the same way on the client side, but do not store html in a filed that you think you may use to search or as reference.

Answer 5

The problem is not putting this on a column on a table or not, but rather how does this sort of thing complicates your app for updates, data retrieval, etc. You need to be the judge of that but certainly this is not uncommon.