Filter input data when writing to the DB or on output?

Good evening, I can't decide how to do this.

There is a form without an editor or anything else, and 1 model which stores the entered data.
The form data is displayed in 2-5 templates.

I have only 1 place that can save the form data to the database; that is, nothing else writes it.

In connection with this, the question arose: would it be simpler for me to use Html::encode (htmlspecialchars) when writing to the database, rather than in every template on output?

What is the actual difference, and what pitfalls are there?
I would have done HtmlPurifier (strip_tags) when recording, but I don't need to "<this text>" left.

How should I filter the data when it is written to the database in 1 place and output in multiple templates?
March 19th 20 at 08:43
2 answers
March 19th 20 at 08:45
For starters, filtering when writing saves you from SQL injection.
Second, reading usually predominates over writing, so it is better to filter while writing.
On the other hand, by filtering on write to the database, you lose the original format. And if you change the filter, re-encoding the data will not work.
Well, and one more thing: if a user edits his account, he needs to be given exactly what he typed.
Conclusion: you need to filter partly when writing and partly when displaying, and when editing you should return the original version.
@Hanna42, yes, I understand that sometimes you need to keep the data pristine, for example if you use an editor, but in my case it's just a text input field with no editor, so it turns out formatting when writing is cheaper - willow commented on March 19th 20 at 08:48
It turns out that way. And if the formatting won't change, then you can format while recording. - Hanna42 commented on March 19th 20 at 08:51
March 19th 20 at 08:47
Good evening.
For this, Yii has validation rules in which you can specify what type is expected.
The same quote

The framework protects all SQL queries with PDO prepared statements, as long as you do not compose the query yourself by concatenation. There are no problems with that.

But display user data using Html::encode();
@evalyn.Bode, yes, I know that Yii has validation and that queries are protected; my question is slightly different. I just might forget to put the encode somewhere in the output, so it may be easier to encode everything when writing to the database - willow commented on March 19th 20 at 08:50
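
The trade-off raised in this thread, as an added example that is not part of any post above: one constructed value is stored encoded (strategy A) and stored raw (strategy B), then rendered in an HTML template, an edit form, and a JSON response. The helper `e()` is a hypothetical stand-in for Yii's `Html::encode()`, and the edit form is assumed to encode its `value` attribute.

```php
<?php
declare(strict_types=1);

// Hypothetical helper standing in for Yii's Html::encode(), which the
// question equates with htmlspecialchars().
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample value typed into the plain text field.
$typed = 'Tom & "<this text>"';

// Strategy A: encode once when saving, print the column as-is in templates.
$columnA = e($typed);
// Strategy B: save exactly what was typed, encode in every template.
$columnB = $typed;

$report = [
    // HTML body: both strategies produce the same safe markup.
    'html body A' => $columnA,
    'html body B' => e($columnB),
    // Edit form whose value attribute is encoded by the form helper (assumed):
    // A is encoded twice, so the user sees entities instead of their text,
    // and saving the form again stores another layer of encoding.
    'edit form A' => '<input value="' . e($columnA) . '">',
    'edit form B' => '<input value="' . e($columnB) . '">',
    // Non-HTML output such as a JSON response: A leaks HTML entities.
    'json A' => json_encode(['title' => $columnA]),
    'json B' => json_encode(['title' => $columnB]),
    // Stored size grows under A, which matters for column limits and search.
    'bytes A' => strlen($columnA),
    'bytes B' => strlen($columnB),
];

foreach ($report as $label => $value) {
    echo str_pad($label, 12), ' ', $value, PHP_EOL;
}
```

Only the HTML body rows match between the two strategies; every other row shows where data encoded on write differs from what the user typed.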
