by tinus_hn
1324 days ago
No. The way to solve this is to recognize where the problem lies. The problem does not lie with storing user input. The problem lies with improperly putting strings in other data. So all you need to do is to do that properly. Either you commit to using constructs like parameterized queries instead of concatenating strings and use the DOM to put together HTML the way you want, or you escape as you concatenate the strings. Don’t store escaped strings, it’s a recipe for disaster.
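An added example, not part of the comment above, showing the raw value stored through a parameterized query and encoded only when it is placed into HTML or JSON, next to what happens when an escaped string is stored instead. It assumes Python's standard `sqlite3`, `html` and `json` modules; the table, function names and sample name are constructed for illustration.

```python
import html
import json
import sqlite3

# Constructed sample input: a legitimate name containing SQL and HTML metacharacters.
RAW_NAME = "Tim O'Reilly <tim@example.com> & Co"


def store(db, name):
    # Parameterized query: the value travels separately from the SQL text,
    # so the quote in O'Reilly needs no escaping and is stored unchanged.
    cur = db.execute("INSERT INTO users (name) VALUES (?)", (name,))
    return cur.lastrowid


def load(db, user_id):
    row = db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0]


def render_html(name):
    # Escape while concatenating into HTML, for the HTML context only.
    return "<td>" + html.escape(name, quote=True) + "</td>"


def render_json(name):
    # A different output context gets its own encoding, applied to the raw value.
    return json.dumps({"name": name})


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    raw_id = store(db, RAW_NAME)               # raw value stored
    pre_id = store(db, html.escape(RAW_NAME))  # escaped before storage
    return {
        "raw_roundtrip": load(db, raw_id),
        "html_from_raw": render_html(load(db, raw_id)),
        "html_from_escaped": render_html(load(db, pre_id)),
        "json_from_raw": json.loads(render_json(load(db, raw_id)))["name"],
        "json_from_escaped": json.loads(render_json(load(db, pre_id)))["name"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The row stored pre-escaped comes back double-encoded in HTML (`&amp;lt;`) and leaks HTML entities into the JSON output, while the raw row is correct in both contexts.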