Inefficient to str_replace "bbcode" with html on every load?
Posted: Sat Aug 30, 2008 10:02 pm
I'd like to bypass potential xss attacks and just restrict my users to [b], etc. My index will be Wordpress-style. Would it be terribly inefficient to call the posts from the database and then str_replace them on every load? Or should I str_replace them before putting them in the database (and then un-convert when a user edit posts)? At first, I was going to do the latter, but PunBB does the former, so I'm not sure.