我们应该在将特殊字符存储在数据库之前对其进行HTML编码吗？ [英] Should we HTML-encode special characters before storing them in the database?

问题描述

我使用MySQL存储数据，我的网页都编码为UTF-8。我有很多葡萄牙字符，如ç和õ，我想知道是否应该HTML

I use MySQL to store data and my web pages are all encoded as UTF-8. I have a lot of Portuguese characters such as ç and õ and I'm wondering if I should HTML-escape them before storage.

我们应该将& 存储为& amp; ，例如？那么为何不）？

Should we store & as &, for example? And why (not)? What are the advantages and disadvantages / best practices?

推荐答案

不要在存储前对字符进行HTML编码。您应该尽可能纯粹地存储数据的形式。需要HTML编码，因为您要在HTML页面上显示数据，因此在处理数据以创建页面时进行编码。例如，假设您决定还要以纯文本电子邮件发送数据。如果您对数据进行了HTML编码，现在的HTML编码是您必须撤消的屏障。

Don't HTML-encode your characters before storage. You should store as pure a form of your data as possible. HTML encoding is needed because you are going to display the data on an HTML page, so do the encoding during the processing of the data to create the page. For example, suppose you decide you're also going to send the data in plain text emails. If you've HTML-encoded the data, now the HTML encoding is a barrier that you have to undo.

为您的数据选择规范表单，并将其存储。 UTF-8是美好的，你的数据库支持它（假设你已经正确地创建了所有的表）。只存储UTF-8。

Choose a canonical form for your data, and store that. UTF-8 is wonderful, and your database supports it (assuming you've created all your tables properly). Just store UTF-8.

这篇关于我们应该在将特殊字符存储在数据库之前对其进行HTML编码吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！