How should HTML Entities be stored on SQL server? Should they be stored as the entity or as the character. Which is correct and does it really matter?
For example
Storage Solution 1
& > <
Storage Solution 2
& < >
-
1It depends on where you will use these datauser5246440– user52464402015-08-27 05:48:46 +00:00Commented Aug 27, 2015 at 5:48
-
3I don't think it really matters. the first will take more space but save the time of encodeing/decoding, the second is the exact opposite.Zohar Peled– Zohar Peled2015-08-27 05:49:43 +00:00Commented Aug 27, 2015 at 5:49
Add a comment
|
3 Answers
I feel like storage solution 1 is more secure, as it helps to drastically cut down on your risk of accidentally executing some script unintentionally if you have someone embedding javascript or the like in their input.
Which, granted, you should be stripping out, but it's a best practice kind of thing to store the entity, not the character.
Comments
Whenever storing any kind of data, you should consider this guideline that:
- Data/info should not be tampered or changed from it's original form
- It should be independent from any processing/conversion logic
This may not be applicable always, espeically when storing sensitive info like passowrds, credit card or any other financial data, hence will be case dependent.
In the mentioned scenario,
Solution 1 will have 2 drawbacks:
- Increase in data size
- Implementing a logic to convert data at each read & write opertion (may also increase proessing time)
Solution 2 will have the drawback of security issues, which maynot be a concernor or applicable if the system is designed appropriately.
Hence, decision cannot be taken simply with the provided information; and will depend on the architecture of the system and longterm usage analysis.
Comments
Try the ascii codes to solve your query, this link may help you.
