I have a simple div with contenteditable and I want to store its value without the HTML but preserving line breaks, so I’m using the
The Question: Is it ok to just save it as it is directly in the database or should it be “urlencoded” or something before storing?
Yes, this is fine. The data should be stored in the database as entered by the user. There’s no need to modify the data for security reasons when inserting into the database.
When inserting into the database you need to remember never to put any variable input directly in the SQL. You must always use parameterized prepared statements. They are provided by PDO for example.
When outputting the data you need to encode it for the medium in which you present the data. If you display the data in HTML you need to encode with htmlspecialchars(). If you put the data in a URL you need to encode with
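The store-raw, encode-on-output approach described in the answer above, as an added PHP example that is not part of the original post; the SQLite file, the `notes` table and the function names are assumptions:

```php
<?php
// Added example (not the answerer's code). Assumes a SQLite file 'notes.db';
// the table notes(id, body) and the function names below are hypothetical.
$pdo = new PDO('sqlite:notes.db');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE IF NOT EXISTS notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Store the contenteditable text exactly as received: no urlencode(), no htmlspecialchars().
// The bound placeholder keeps the value out of the SQL text, so quotes or tags in it are only data.
function saveNote(PDO $pdo, string $body): int {
    $stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function loadNote(PDO $pdo, int $id): ?string {
    $stmt = $pdo->prepare('SELECT body FROM notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// Encode for HTML at output time. nl2br() runs after escaping, so the user's newlines
// become <br /> elements while any markup they typed is shown as inert text.
function renderNoteHtml(string $body): string {
    return nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

// Encode for a URL query string at output time: a different encoding of the same raw value.
function noteShareLink(string $body): string {
    return '/preview?text=' . rawurlencode($body);
}

// Constructed sample input of the kind a contenteditable submit might send (two lines).
$input = "Line one with <b>tags</b> & 'quotes'\nLine two: it's a \"test\"";
$id = saveNote($pdo, $input);
$stored = loadNote($pdo, $id);

var_dump($stored === $input);          // the stored value is byte-for-byte what was entered
echo renderNoteHtml($stored), PHP_EOL; // safe for an HTML page, line break preserved as <br />
echo noteShareLink($stored), PHP_EOL;  // safe for a URL, newline encoded as %0A
```

The same raw value gets a different encoding for each output medium; the database row itself is never encoded.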