Inefficient to str_replace "bbcode" with html on every load?
Moderator: General Moderators
Inefficient to str_replace "bbcode" with html on every load?
I'd like to bypass potential xss attacks and just restrict my users to [b], etc. My index will be Wordpress-style. Would it be terribly inefficient to call the posts from the database and then str_replace them on every load? Or should I str_replace them before putting them in the database (and then un-convert when a user edit posts)? At first, I was going to do the latter, but PunBB does the former, so I'm not sure.
- greyhoundcode
- Forum Regular
- Posts: 613
- Joined: Mon Feb 11, 2008 4:22 am
Re: Inefficient to str_replace "bbcode" with html on every load?
The string functions are extremely fast, certainly faster than using reg-ex to do it, so I don't think you've got anything to worry about.
If you're going to run str_replace anyway then the most efficient thing would be to do just one cycle (ie, prior to display) rather than two (ie, when it goes on to the database and when it is pulled back off).
If you're going to run str_replace anyway then the most efficient thing would be to do just one cycle (ie, prior to display) rather than two (ie, when it goes on to the database and when it is pulled back off).