Inefficient to str_replace "bbcode" with html on every load?

Posted: Sat Aug 30, 2008 10:02 pm
by Cut
I'd like to bypass potential XSS attacks and just restrict my users to [b], etc. My index will be WordPress-style. Would it be terribly inefficient to call the posts from the database and then str_replace them on every load? Or should I str_replace them before putting them in the database (and then un-convert when a user edits posts)? At first, I was going to do the latter, but PunBB does the former, so I'm not sure.

Re: Inefficient to str_replace "bbcode" with html on every load?

Posted: Sun Aug 31, 2008 2:05 am
by greyhoundcode
The string functions are extremely fast, certainly faster than using reg-ex to do it, so I don't think you've got anything to worry about.

If you're going to run str_replace anyway then the most efficient thing would be to do just one cycle (i.e., prior to display) rather than two (i.e., when it goes on to the database and when it is pulled back off).
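
The render-time approach discussed in this thread, as an added example that is not part of either post: the raw post is stored unchanged, and on display it is HTML-escaped first and only then run through str_replace for a fixed tag list. The function names, the tag whitelist and the sample post are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Names and tag list are hypothetical.

// True when every $open has a later matching $close and none closes early.
function tags_balanced(string $text, string $open, string $close): bool
{
    $depth = 0;
    $pos = 0;
    while (true) {
        $o = strpos($text, $open, $pos);
        $c = strpos($text, $close, $pos);
        if ($o === false && $c === false) {
            return $depth === 0;
        }
        if ($c === false || ($o !== false && $o < $c)) {
            $depth++;
            $pos = $o + strlen($open);
        } else {
            if (--$depth < 0) {
                return false;
            }
            $pos = $c + strlen($close);
        }
    }
}

function render_post(string $raw): string
{
    // 1. Escape first: any HTML the user typed becomes inert text.
    //    Square brackets are untouched, so BBCode survives this step.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Convert only attribute-free tags from a fixed whitelist.
    $tags = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];
    foreach ($tags as $bb => $html) {
        // An unbalanced tag is left as literal text so it cannot leave
        // an element open over the rest of the page.
        if (tags_balanced($safe, "[$bb]", "[/$bb]")) {
            $safe = str_replace(["[$bb]", "[/$bb]"], ["<$html>", "</$html>"], $safe);
        }
    }
    return nl2br($safe);
}

// Constructed sample post, as it would be read back from the database.
$stored = "[b]Hello[/b] <script>alert(1)</script> and an unclosed [i]tag";
echo render_post($stored), "\n";
```

Because the stored text is never rewritten, the edit form can show it back to the user as-is, with no un-convert step.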