  #1 (permalink)  
Old 12-21-2003, 12:48 PM
WebProWorld Pro
 

Join Date: Sep 2003
Location: Mars
Posts: 200
alienzhavelanded RepRank 0
HTML in database columns

Ran across this info recently concerning displaying Access columns with HTML values on a web page:

Do not use HTML in database columns
Do not display or allow HTML in any database columns.

Curious, I set out to research why, and found nothing at all. Anyone know why this would be considered unsafe? TIA

The Martian
  #2 (permalink)  
Old 12-21-2003, 05:01 PM
WebProWorld Veteran
 

Join Date: Aug 2003
Location: Grand Rapids, MI USA
Posts: 553
redcircle RepRank 0

The only thing that I see would be an excess amount of unnecessary database calls that would slow the server down. Use the filesystem. That's what it was intended for. Databases are for organizing data.
  #3 (permalink)  
Old 12-22-2003, 12:01 AM
WebProWorld Pro
 

Join Date: Sep 2003
Location: Mars
Posts: 200
alienzhavelanded RepRank 0

redcircle wrote: The only thing that I see would be an excess amount of unnecessary database calls that would slow the server down.

The question is why displaying the columns with HTML values is considered a security issue.

The Martian
  #4 (permalink)  
Old 12-22-2003, 05:45 PM
WebProWorld Veteran
 

Join Date: Aug 2003
Location: Grand Rapids, MI USA
Posts: 553
redcircle RepRank 0

Not sure why they consider it a security issue.
  #5 (permalink)  
Old 01-02-2004, 02:02 PM
WebProWorld New Member
 

Join Date: Oct 2003
Location: Laguna Hill
Posts: 7
gohitech RepRank 0
I think they mean...

I think they meant not to use excessive HTML in your database "rows".
It would be unsafe because of the way it would be displayed.

It is always a good practice for databased dynamic web development to allow the HTML to be generated rather than hardcoded into the database.
But using simple tags (e.g.[*]) won't hurt (or I believe so).

regards,

Bk
__________________
please visit http://www.gohitech.com for awesome IT and Web Deals.
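
What "unsafe because of the way it would be displayed" looks like in practice, as an added example that is not part of the original thread: a column value containing markup is written into a page raw, then with output encoding so the template generates the tags. The table, column and function names are hypothetical, the sample rows are constructed, and Python with SQLite stands in for the Access setup discussed above.

```python
import html
import sqlite3

# Constructed sample data: one plain comment and one that carries markup.
SAMPLE_ROWS = [
    ("alice", "Great article, thanks!"),
    ("mallory", "<script>alert(1)</script>"),
]

def make_db():
    """Build an in-memory table standing in for the Access table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    # Parameterized insert: the markup is stored as plain data, exactly as typed.
    conn.executemany("INSERT INTO comments (author, body) VALUES (?, ?)", SAMPLE_ROWS)
    return conn

def load_comments(conn):
    return conn.execute("SELECT author, body FROM comments ORDER BY id").fetchall()

def render_raw(rows):
    """Unsafe: column values are concatenated into the page as HTML,
    so any tag a user saved in the column runs in every visitor's browser."""
    return "".join(f"<li>{author}: {body}</li>" for author, body in rows)

def render_escaped(rows):
    """Safe: the template owns the tags; column values are HTML-encoded text."""
    return "".join(
        f"<li>{html.escape(author)}: {html.escape(body)}</li>" for author, body in rows
    )

def contains_active_markup(page):
    """Crude check for this demo only: did a script tag survive into the output?"""
    return "<script" in page.lower()

if __name__ == "__main__":
    rows = load_comments(make_db())
    print("raw:    ", render_raw(rows))
    print("escaped:", render_escaped(rows))
```

The database stores the same bytes in both cases; only the rendering step decides whether the browser treats the column value as text or as code.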