Inefficient to str_replace "bbcode" with html on every load?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Cut
Forum Commoner
Posts: 39
Joined: Sat Aug 23, 2008 8:01 pm

Inefficient to str_replace "bbcode" with html on every load?

Post by Cut »

I'd like to bypass potential xss attacks and just restrict my users to [b], etc. My index will be Wordpress-style. Would it be terribly inefficient to call the posts from the database and then str_replace them on every load? Or should I str_replace them before putting them in the database (and then un-convert when a user edit posts)? At first, I was going to do the latter, but PunBB does the former, so I'm not sure.
User avatar
greyhoundcode
Forum Regular
Posts: 613
Joined: Mon Feb 11, 2008 4:22 am

Re: Inefficient to str_replace "bbcode" with html on every load?

Post by greyhoundcode »

The string functions are extremely fast, certainly faster than using reg-ex to do it, so I don't think you've got anything to worry about.

If you're going to run str_replace anyway then the most efficient thing would be to do just one cycle (ie, prior to display) rather than two (ie, when it goes on to the database and when it is pulled back off).
Post Reply