Leslie Jones

Reputation: 570

How should HTML Entities be stored on SQL server?

How should HTML Entities be stored on SQL server? Should they be stored as the entity or as the character? Which is correct, and does it really matter?

For example

Storage Solution 1

&amp; &gt; &lt;

Storage Solution 2

& < >

Upvotes: 4

Views: 115

Answers (3)

Tathagat Verma

Reputation: 548

Whenever storing any kind of data, you should consider this guideline:

  • Data/info should not be tampered with or changed from its original form
  • It should be independent from any processing/conversion logic

This may not always be applicable, especially when storing sensitive info like passwords, credit card or any other financial data; hence it will be case-dependent.

In the mentioned scenario,

Solution 1 will have 2 drawbacks:

  • Increase in data size
  • Implementing a logic to convert data at each read & write operation (may also increase processing time)

Solution 2 will have the drawback of security issues, which may not be a concern or applicable if the system is designed appropriately.

Hence, a decision cannot be taken simply with the provided information; it will depend on the architecture of the system and long-term usage analysis.

Upvotes: 2
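
The trade-offs named in the answer above (larger stored data, conversion on each read and write, and output handling for raw characters) can be measured side by side. This is an added example, not code from any poster: it uses Python with in-memory SQLite standing in for SQL Server, and the table names, helper names and sample string are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample input containing the three characters from the question.
SAMPLE = "Tom & Jerry <script>alert(1)</script>"
TABLES = ("solution1", "solution2")  # hypothetical table names

def build_db(text=SAMPLE):
    # In-memory SQLite stands in for SQL Server (assumption, keeps the demo offline).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE solution1 (body TEXT)")  # entities stored
    db.execute("CREATE TABLE solution2 (body TEXT)")  # characters stored
    db.execute("INSERT INTO solution1 VALUES (?)", (html.escape(text),))
    db.execute("INSERT INTO solution2 VALUES (?)", (text,))
    return db

def _check(table):
    # Table names come from a fixed allow-list, never from user input.
    if table not in TABLES:
        raise ValueError(table)

def stored(db, table):
    _check(table)
    return db.execute(f"SELECT body FROM {table}").fetchone()[0]

def search(db, table, needle):
    # Parameterised LIKE search for the text a user would type.
    _check(table)
    sql = f"SELECT COUNT(*) FROM {table} WHERE body LIKE '%' || ? || '%'"
    return db.execute(sql, (needle,)).fetchone()[0]

def render_html(db, table):
    # Solution 1 is emitted as stored; Solution 2 is encoded at output time.
    body = stored(db, table)
    return body if table == "solution1" else html.escape(body)

if __name__ == "__main__":
    db = build_db()
    for t in TABLES:
        print(t, len(stored(db, t)), search(db, t, "Tom & Jerry"))
        print("  html:", render_html(db, t))
    # Solution 1 only matches when the search term is converted as well.
    print(search(db, "solution1", html.escape("Tom & Jerry")))
    # Encoding Solution 1 data a second time changes what the reader sees.
    print(html.escape(stored(db, "solution1")))
```

Both tables render the same HTML, but only when each layer knows which form it holds: the stored row for Solution 1 is longer and must be searched with a converted term, while Solution 2 depends on every output path applying the encoding.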

Manohar Patil

Reputation: 39

Try the ASCII codes to solve your query; this link may help you.

Upvotes: 0

osuddeth

Reputation: 162

I feel like storage solution 1 is more secure, as it helps to drastically cut down on your risk of accidentally executing some script unintentionally if you have someone embedding JavaScript or the like in their input.

Which, granted, you should be stripping out, but it's a best practice kind of thing to store the entity, not the character.

Upvotes: 3
