ansaurus

Question

HTML tags inside the Database - YAY or NAY?

Answer 1

+4 A:

Generally, no. You want your DB fields to be independant of the medium they'll be used in (because there may be many: HTML, Plain Text, etc)

What you should do is reformat your fields to whatever context they are being displayed. This implies that if you need the data in a 'richer' format, you typically use a markup scheme (markdown, perhaps) so you can process it and render it in whatever fashion you like.

You may, however, cache this formatting in another field, to speed up the retrieval process.

Noon Silk 2009-10-01 09:17:42

so you say you need for instance something like UBB-code and store that in your database? (I agree with that). It's a pitty that few wysiwyg-editor (like CKEditor don't output UBB-code but plain html)

Natrium 2009-10-01 09:23:57

Natrium: Indeed, hence the reason I really dislike them. It's best to allow just a simple markup, then all your content can be rendered simply and easily (unlike dealing with the people who paste word documents into those rich editors; the resulting output is terrible!).

Noon Silk 2009-10-01 09:25:47

What's big advantage of UBB over HTML? both are markups.

peterchen 2009-10-03 13:22:11

Peterchen: Because if you make a mistake removing things in HTML, it'll render, with something that isn't HTML, it won't.

Noon Silk 2009-10-04 01:26:10

Answer 2

+1 A:

You can have HTML code in your Label as well as your Literal. A Literal control is much more light weight than a Label.. it's meant to write out text/html directly to the browser. A Label is little bulkier than a Literal, but has all benefits of a WebControl such as styling options etc.

Literal Control : Asp.NET Literal

Braveyard 2009-10-01 09:18:38

Answer 3

A:

Who enters these strings to the database? The usual problem with this approach is that:

you need to make sure that the resulting html is well formed
it can be not secure if people include scripts in the html stored in the database, etc.

So in most cases you want to store only real text in the database, and then format it and escape all html chars when adding to the page.

Grzenio 2009-10-01 09:20:24

I will be the only one adding these to the database. Users will be able to view items but Users will not be allowed to touch the DB at all.

Etienne 2009-10-01 09:50:05

Answer 4

A:

I personally would avoid storing the HTML in the database... but then again it depends on the context.

If you have a table designed for storing input from a rich textbox then you will somehow need to store any formatting that has been applied.

As others have mentioned, prehaps a safer alternative would be to create your own [bbCode] syntax, pretty much similar to the way the textbox on here (Stack OverFlow) works...

eg. any text in bold 'foo' becomes [b]foo[/b]

There is added work involved because you will need to parse the text and replace any tags with the equivalent [bbCode] tags and then do the reverse when outputting to a web page, but I personally think it is a safer approach with regards to data integrity.

Dal 2009-10-01 09:53:45

Answer 5

A:

Why not store it as xhtml in the database - you can validate it before you push it in. use the XML field type. This way if your need to query on it you can, and you data is still structured.

Jon Spokes 2009-10-03 13:13:33

ansaurus

tags:

views:

answers:

HTML tags inside the Database - YAY or NAY?

related questions