What does "filter" mean? If you mean protection against SQL injection, then of course you need to filter before writing. But filtering here is not done by cutting out or escaping characters, but by using placeholders in PDO. More details: habrahabr.ru/post/148701/
When outputting, you need to escape whatever could be executed inside HTML; the usual htmlspecialchars() or a normal template engine (Twig, for example) will help here.
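The write-raw / escape-on-output approach described in this answer, as an added example that is not code from the original thread; it assumes an in-memory SQLite database and a constructed `comments` table so it runs stand-alone:

```php
<?php
// Added example: store user input unchanged via PDO placeholders and escape it
// only when it is placed into HTML. The table and sample input are constructed
// here; with MySQL you would also disable PDO::ATTR_EMULATE_PREPARES.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Write path: the value travels as a bound parameter, never as part of the SQL
// text, so quotes or comment sequences in it cannot alter the statement.
function saveComment(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Read path: the stored text comes back exactly as it was written.
function loadComment(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : (string) $body;
}

// Output path: escaping happens at the moment the text enters an HTML context.
// ENT_QUOTES covers attribute values, ENT_SUBSTITUTE avoids silent empty output
// on invalid UTF-8, and the charset is stated explicitly.
function renderComment(string $body): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<p>' . htmlspecialchars($body, $flags, 'UTF-8') . '</p>';
}

// Constructed sample input containing both a SQL quote and an HTML tag.
$input = "O'Brien said: <script>alert(1)</script>";
$id = saveComment($pdo, $input);

$stored = loadComment($pdo, $id);
assert($stored === $input); // stored byte-for-byte: nothing cut or escaped on write

echo renderComment($stored), PHP_EOL; // the tag is rendered as text, not executed
```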
Without a filter at the input, there is an unpredictable increase in the volume of the database and in the complexity of searching it
Both are correct: if you need to process the raw data in the future, then it is logical to store it raw and clean it only on output. And if you need to store only a certain format (for example, tags are not allowed), then it will not hurt to remove everything superfluous before writing; you never know where the data will be displayed.
And on output, you must always filter the data. This is the most common mistake =)
Store anything in the database, but you can't show just anything in the output.
For example, we need to collect statistics. Accordingly, every second we write a certain amount of information. We have a huge database, but you can do anything with it. On output: filtering and all sorts of arithmetic operations, such as summation by week, month, etc.
Further, if there is a lot of data, queries start to slow down. So the database has to be cleaned up somehow, at least the per-second data. This can be done on insert, for example by moving the old rows somewhere, summing them and writing the sums instead, etc.; i.e. the processing already happens at save time.
Ideally, you just need to periodically go through such a database and optimize it, with the same summation and report generation, so as not to shovel through the entire database every time; that is the periodic filtering-and-optimization stage.
Hmm, it's not very clear what you mean by filtering. The form did not pass validation: we answered the user with a refusal and did not record anything; it passed: we recorded everything as it is. On output, we escape. This is, of course, the general case; in different tasks there may be different variations.