当前位置: 动力学知识库 > 问答 > 编程问答 >

mysql - Is it wrong to put HTML into a database field?

问题描述:

is it wrong to put html into a database?

for example paypal buttons...

or block text with a couple of line breaks in there?

网友答案:

I think that in general this is to be avoided if possible. Traditionally, HTML markup on a website is either static, or part of a template; in which case it does not belong in the database. There are of course exceptions to this rule: for example, some content-management systems allow content administrators to work with basic HTML tags. I'm pretty sure HTML tags within Stack Overflow's editable content gets written into a database.

More important than rules like don't put HTML into a database is ensuring that your overall architecture is sound; and that you're allowing different components like the web server and the database to fulfill the functions that they're designed for.

网友答案:

The problem is not putting this on a column on a table or not, but rather how does this sort of thing complicates your app for updates, data retrieval, etc. You need to be the judge of that but certainly this is not uncommon.

网友答案:

It not really wrong as long as you realize that HTML you put should be strictly used for the display purpose only like storing some text in the field you would like to display in a specific way there for you add some tags around it for that purpose or if you think it would be hard to maneuver the text the same way on the client side, but do not store html in a filed that you think you may use to search or as reference.

网友答案:

It's not wrong (you probably don't want to index that column) but it is very wrong to allow the content to be nominated in its entirety by a normal user; you don't want a normal user to insert arbitrary javascript content! It's OK if the user has to prove that they are highly privileged in the first place (e.g., the site owner) or if you are generating the HTML from a renderer (e.g., Markdown) and storing the rendered result.

Be careful to not mix up HTML documents with HTML fragments or plain text; they're different, and you should know what you're working with at all times

分享给朋友:
您可能感兴趣的文章:
随机阅读: