
09-17-2002, 06:39 AM
New Member
Join Date: Sep 2002
Posts: 2
Storing HTML in database. Should I or shouldn't I?
When coding a CMS system, should HTML be stored in the database?
Ex. If the structure of the db table is this:
create table annoucement (
id int unsigned NOT NULL AUTO_INCREMENT,
title tinytext,
body text,
PRIMARY KEY(ID)
);
What if the user wants to be able to make certain text in the body field of the db bold, italic, a different color, etc.? Should they be allowed to enter HTML in the text field, or should there be some sort of special tags (like vbCode)?
I would lean toward having special tags, but I can't explain to another person in a clear way as to why we shouldn't store HTML in the db.
Also, I don't know if anyone has seen some of the IE specific WYSIWYG editors that are floating around. Those are nice for people who do not know HTML, but they insert HTML tags into the body field. Any thoughts? I don't mind that it's IE specific; the backend/administrative section can be IE specific, and what a visitor sees will be cross browser compatible.
Are there any WYSIWYG editors out there that allow me to customize what tags they insert?

09-17-2002, 06:54 AM
Web Hosting Master
Join Date: May 2002
Location: UK
Posts: 2,994
It really depends on what you are trying to achieve.
If you are working with XML I would say no, but if it's simply for retrieve and display on a web page then I can't see any problem with it... of course you could get some interesting results if you make the database searchable.

09-17-2002, 04:40 PM
Junior Guru Wannabe
Join Date: Sep 2002
Location: Canada
Posts: 35
I'd have to agree with Rich2k, storing HTML in MySQL is perfectly normal and would work fine.
__________________
EZScripts - Quality PHP Scripts, Low Price (includes Custom Scripting on request.)
http://www.EZScripts.net/

09-21-2002, 02:25 AM
Web Hosting Master
Join Date: Nov 2000
Posts: 3,042
Yup... that would be funny to search it... and if you do put html into a db, don't plan on using phpMyAdmin, or at least older versions of it. Can make quite a mess.
Generally the "commonality" uses flat-files (like .tpl files) for the html. This keeps your DB clean, and remember large amounts of data in a single field can produce somewhat slow results.
__________________
A well-reasoned assumption is very close to fact.
- Adorno

09-21-2002, 03:40 AM
Registered User
Join Date: Apr 2001
Location: Depok, Indonesia
Posts: 986
Quote:
Originally posted by comphosting
Yup... that would be funny to search it... and if you do put html into a db, don't plan on using phpMyAdmin, or at least older versions of it. Can make quite a mess.
Whoa, if that's really the case, phpMyAdmin has some serious cross site scripting vulnerability.

09-21-2002, 04:52 AM
Web Hosting Master
Join Date: Nov 2000
Posts: 3,042
Yes'ir, although I haven't tested this on recent versions of phpMyAdmin, at one point I couldn't even view fields, much less edit them, simply because I had a couple of double quotes in a row. It is probably fixed by now, but it did kind of make me wonder at the time.
__________________
A well-reasoned assumption is very close to fact.
- Adorno

09-21-2002, 05:14 AM
Web Hosting Master
Join Date: Jan 2002
Location: Kuwait
Posts: 679
If you enable this, make sure that only trusted people can use it. If it is open to the public, like allowing the users of a bulletin board to post messages, then HTML will create many vulnerabilities.
Anybody that can post can make JavaScript code that sends him the session hash of a visitor for example (session hijacking), be it stored in a cookie or the URL.
Besides many other problems.
Also note that you shouldn't allow users to post things that will force the viewers to load an arbitrary URL, like the [img] tag in vB or the other tags that allow posting flash movies. Anybody that can post these can place an img tag with the URL being the URL that a moderator would click to confirm the delete of a specific thread, for example. The minute a moderator visits that page, he will execute the delete command without knowing it.
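
The special-tags approach raised in this thread, sketched as an added example (not code from any poster): stored text is HTML-escaped on output and only an allowlist of tags is converted, so script posted by a user is shown as text instead of running in a visitor's browser. The tag set ([b], [i], [color=...]), the name render_markup and the sample body are assumptions made for illustration; no tag that makes the viewer load a URL is supported.

```python
import html
import re

# Assumed allowlist: simple paired tags and the HTML element each maps to.
SIMPLE_TAGS = {"b": "strong", "i": "em"}
# Colour values are limited to a few names or #rrggbb, so nothing else can
# reach the style attribute.
COLOR_RE = re.compile(r"^(?:#[0-9a-fA-F]{6}|red|green|blue|black|gray)$")
TOKEN_RE = re.compile(r"\[(/?)(b|i|color)(?:=([^\]\s]{1,20}))?\]", re.IGNORECASE)


def render_markup(stored: str) -> str:
    """Convert stored announcement text to HTML that is safe for any viewer."""
    out, open_tags, pos = [], [], 0
    for m in TOKEN_RE.finditer(stored):
        # Text between tags is always escaped, so raw HTML never survives.
        out.append(html.escape(stored[pos:m.start()], quote=True))
        pos = m.end()
        closing, name, arg = m.group(1) == "/", m.group(2).lower(), m.group(3)
        if closing:
            if open_tags and open_tags[-1] == name and arg is None:
                open_tags.pop()
                out.append("</span>" if name == "color" else f"</{SIMPLE_TAGS[name]}>")
            else:
                out.append(html.escape(m.group(0)))  # stray close: show literally
        elif name == "color" and arg and COLOR_RE.match(arg):
            open_tags.append(name)
            out.append(f'<span style="color:{arg}">')
        elif name in SIMPLE_TAGS and arg is None:
            open_tags.append(name)
            out.append(f"<{SIMPLE_TAGS[name]}>")
        else:
            out.append(html.escape(m.group(0)))  # bad argument: show literally
    out.append(html.escape(stored[pos:], quote=True))
    # Close anything the author left open so the page layout cannot be broken.
    for name in reversed(open_tags):
        out.append("</span>" if name == "color" else f"</{SIMPLE_TAGS[name]}>")
    return "".join(out)


# Constructed sample body, as it might sit in the body column.
SAMPLE = ("[b]Sale[/b] [color=red]today[/color] <script>x()</script> "
          "[color=red;x]hm[/color] [i]open")

if __name__ == "__main__":
    print(render_markup(SAMPLE))
```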

09-22-2002, 02:43 PM
Web Hosting Master
Join Date: Sep 2002
Posts: 3,892
saving blob data to a db is a generally shunned practice. you need to examine the pros and cons of doing it closely.
paul

09-26-2002, 03:48 AM
New Member
Join Date: Sep 2002
Location: Rostov on Don, Russia
Posts: 1
we develop Account Settlements
and using PostgreSQL
i use BLOB type to save XML file
Also
you could use BASE64 coding to store HTML

09-26-2002, 12:09 PM
WHT Addict
Join Date: Sep 2002
Posts: 114
For search options, you will have to write code to surpass any html tags from the text. This can be done but needs to be coded properly.

09-26-2002, 01:15 PM
Web Hosting Master
Join Date: Jan 2002
Location: Atlanta, GA
Posts: 1,249
Instead of storing the content in the DB I'd probably go for a flat file....
Set up the table like this
ID int unsigned NOT NULL AUTO_INCREMENT,
title varchar(25),
Then after the form where you prompt the user for their html for the page, store it in a file "content_".$id.".php";
Then when you want to retrieve it again just include("content_".$id.".php");
Then you can also put a link on each story's page for a "Printer Friendly View" that would link directly to "content_".$id.".php". This would help a ton in Google rankings by providing an actual physical (non-dynamic) link to a story. Also would help for archiving stories.
__________________
char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 }main (){void (*f)() = x;f();}
I wear a gray hat