Htmlentities incress the string character

Question

I have a input text box maxlength 20 and use jquery auto count how many words left.

I have also use strlen to check before it insert into DB varchar(20)(if too many characters, wont insert into DB), and htmlentities to prevent xss

Here is the problem, htmlentities will increase characters. So if auto count shows 17 but it actually over than 17 characters because htmlentities.

I don't want data truncate, any suggestion?

htmlentities will not protect you from XSS. see this http://stackoverflow.com/questions/15802624/why-my-code-vulnerable-to-xss-attack — open source guy, Jun 01 '13 at 11:26
@messi The question you link to and what you said does not match in any way. — deceze, Jun 01 '13 at 11:29

score 6 · Accepted Answer · answered Jun 01 '13 at 11:26

6

Never encode for display before storage, only before display.

answered Jun 01 '13 at 11:26

Ignacio Vazquez-Abrams

776,304
153
1,341
1,358

Htmlentities incress the string character

1 Answers1