
punchi

"Correct" way to echo from DB

PHP 7, working with UTF-8

$model = new Model();
$model->text = "This quo'<script>alert('omg')</script>";
$model->save();

Good!

In DB, the field is:

This quo'<script>alert('omg')</script>

Good!

In a view:

{{$model->text}}

And it says:

This quo'<script>alert('omg')</script>

Good!

But when working with AJAX and returning the string from the database with "echo", the "omg" alert appears in the browser. So, my question is, which is the best way to handle this?

  1. Write the escaped character to the DB? (don't like that)
  2. Put htmlspecialchars() on every string?
  3. Make an extra effort and, instead of returning the string directly, pass it to a view and return the string from the view
  4. Other? =)

I know there's no "best", but right now I have escaped the string with htmlspecialchars(). Is there any other more productive or "Laravel" way to do this?

punchi

Thank you!! Yep,

htmlentities($value, ENT_QUOTES, 'UTF-8', false);

Was my solution =)
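
The options discussed in this thread, as an added example that is not part of the original posts: plain PHP that escapes the stored value when it is written into a response (the same kind of output escaping Blade's `{{ }}` applies), shows what the final `false` (double_encode) argument in the reply changes, and builds a JSON body for AJAX. The function names and the second sample string are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed samples: the value from the post, stored raw, and a second string
// in which the user literally typed an entity.
$stored  = "This quo'<script>alert('omg')</script>";
$literal = "Write &lt;b&gt; to get bold";

// Escape at output time for HTML text or a quoted attribute value.
// double_encode is true, so an "&" already in the text is encoded again.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', true);
}

// The call from the reply: the final false means existing entities are kept.
function escape_html_keep_entities(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8', false);
}

// JSON body for an AJAX response. The HEX flags emit <, >, &, ' and " as \uXXXX
// escapes, so the payload holds no markup even if it is rendered as HTML.
function json_body(array $data): string
{
    $json = json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($json === false) {
        throw new RuntimeException('JSON encoding failed: ' . json_last_error_msg());
    }
    return $json;
}

if (PHP_SAPI !== 'cli') {
    // Under a web server, label the response so the browser does not parse it as HTML.
    header('Content-Type: text/plain; charset=UTF-8');
}

// 1) HTML fragment: the database keeps the raw text, the response carries entities.
echo escape_html($stored), PHP_EOL;

// 2) Same input, two settings: the first shows the user's text exactly as typed,
//    the second lets the browser turn the kept entities into "<b>" on screen.
echo escape_html($literal), PHP_EOL;
echo escape_html_keep_entities($literal), PHP_EOL;

// 3) JSON: the client decodes it and assigns the value with textContent.
//    Assigning it with innerHTML would bring the original problem back.
echo json_body(['text' => $stored]), PHP_EOL;
```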
