Storing HTML formatted text in database

Question

I am building a web site similar to Craigslist. I would like to know how to store the html formatted text (bold / italics / font size etc) in a sql 2008 database?

In order words, the user would enter their text, format it with font size, bold etc and save the information. Whats the most efficient way to store that in a database?

Answer 1

I would say just use a NVARCHAR(max) or Text data type as opposed to the XML data type.

This will allow easy access to the content where as the xml datatype would need converted somewhere along the line.

Answer 2

Make sure only to allow a certain limited number of HTML tags or else you risk getting a cross script injection.

For example, don't allow your user to input <script> or <style> tags. I suggest you read more about cross script injection before you move on! Good luck

Answer 3

Save it to a nvarchar(max) field. Make sure you use parameterized queries for security. Read http://www.aspnet101.com/2007/03/parameterized-queries-in-asp-net/

Answer 4

I would put it in a nvarchar(MAX) field if you are using SQL Server 2008 or above otherwise. If you are using SQL Server 2005 or lower and if the number of characters will be below 2000 you could use an nvarchar(2000) type. If that is too restricting use a text type.

Answer 5

I would simply stuff it, as is, into a NVARCHAR(MAX) field.

Of course, you would use a parameterized query for this.

Answer 6

I would probably just store the ad text as a nvarchar(max) datatype