我们应该在将特殊字符存储到数据库之前对其进行 HTML 编码吗? [英] Should we HTML-encode special characters before storing them in the database?

问题描述

我使用 MySQL 存储数据，我的网页都编码为 UTF-8.我有很多葡萄牙语字符，例如 ç 和 õ，我想知道是否应该在存储之前对它们进行 HTML 转义.

I use MySQL to store data and my web pages are all encoded as UTF-8. I have a lot of Portuguese characters such as ç and õ and I'm wondering if I should HTML-escape them before storage.

例如，我们应该将 & 存储为 & 吗?那么为何不)?有哪些优点和缺点/最佳做法?

Should we store & as &, for example? And why (not)? What are the advantages and disadvantages / best practices?

推荐答案

不要在存储之前对字符进行 HTML 编码.您应该存储尽可能纯的数据形式.需要 HTML 编码，因为您要在 HTML 页面上显示数据，因此在处理数据以创建页面期间进行编码.例如，假设您决定还要以纯文本电子邮件发送数据.如果您对数据进行了 HTML 编码，那么现在 HTML 编码是您必须撤消的障碍.

Don't HTML-encode your characters before storage. You should store as pure a form of your data as possible. HTML encoding is needed because you are going to display the data on an HTML page, so do the encoding during the processing of the data to create the page. For example, suppose you decide you're also going to send the data in plain text emails. If you've HTML-encoded the data, now the HTML encoding is a barrier that you have to undo.

为您的数据选择一个规范的形式，并存储它.UTF-8 很棒，而且您的数据库支持它(假设您已正确创建所有表).只存储 UTF-8.

Choose a canonical form for your data, and store that. UTF-8 is wonderful, and your database supports it (assuming you've created all your tables properly). Just store UTF-8.

这篇关于我们应该在将特殊字符存储到数据库之前对其进行 HTML 编码吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！