Escaping HTML characters in database
Albert created the topic: Escaping HTML characters in database
Hi,
Just wondering why your plugin uses the PHP function htmlspecialchars() to convert special characters to HTML entities when saving to the database but then you also use the WordPress esc_html() function to display this information on the front-end viewer. Isn't this duplicating effort?
I ask because now my database is full of encoded HTML characters and I can't use the raw data for other applications unless they are able to decode the HTML.
6 years 6 months ago
Agapi G. replied the topic: Escaping HTML characters in database
Hello Albert!
Thank you for posting your question!
Please note that this is done to prevent security vulnerabilities. If we don't encode the HTML characters, spam bots will be able to post unwanted JavaScript, and damage the system.
Thanks! Have a great day!
Kind regards,
Agapi G.
Web-Dorado team
6 years 6 months ago
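The encode-on-save and encode-on-display steps discussed in this thread, as an added example that is not part of the original posts and is not the plugin's code. The function names and the sample submission are hypothetical, and plain htmlspecialchars() with double_encode disabled stands in for the WordPress-only esc_html() as an assumption about the display side.

```php
<?php
// Added illustration; helper names are hypothetical, sample input is constructed.
$submitted = 'Tom & Jerry <script>alert(1)</script> said "hi"';

// Save path as described in the thread: entities are written to the database.
// Assumption: default double_encode (true), so a literal "&amp;" typed by a
// user is stored as "&amp;amp;" and decoding restores it exactly.
function encode_for_storage(string $raw): string {
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// For non-HTML consumers (CSV export, reporting, another application):
// reverse the storage encoding to get the submitted text back.
function decode_stored(string $stored): string {
    return htmlspecialchars_decode($stored, ENT_QUOTES);
}

// Display path: encode at output time. With double_encode=false, entities
// already present in the stored value are left alone.
function encode_for_html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
}

$stored = encode_for_storage($submitted);
echo "stored:  $stored\n";

// 1. The stored value round-trips back to the raw submission.
var_dump(decode_stored($stored) === $submitted);          // bool(true)

// 2. Display-time encoding of the stored value changes nothing.
var_dump(encode_for_html($stored) === $stored);           // bool(true)

// 3. Encoding only at display time yields the same HTML from raw data,
//    so the page is protected either way; what differs is the stored form.
var_dump(encode_for_html($submitted) === $stored);        // bool(true)

// 4. Failure mode: a second pass with default double_encode re-encodes "&",
//    so a browser would render literal "&lt;script&gt;" text to visitors.
$twice = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
var_dump(strpos($twice, '&amp;lt;script&amp;gt;') !== false); // bool(true)

// A decoded value is raw user input again: pass it through
// encode_for_html() before it reaches any HTML page.
```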