ValidateRequest=False HtmlEncode and The Best Method

  • Thread starter \A_Michigan_User\

\A_Michigan_User\

I guess I'm not understanding this correctly.

I have to set "ValidateRequest=False" for my asp.net 1.1 page that has a
TextBox... so that I can avoid an error... if some user enters
some html or script coding into it. (Should I HtmlEncode it with
Server.htmlEncode or HttpServerUtility.HtmlEncode ???)

From what I've read... I guess I'm supposed to do it this way:
1. HtmlEncode the user input that's in the TextBox.
2. Save it to the database.
then...
3. Load it from the database.
4. Decode it.
5. Display it to the user.

Isn't step #1 wasting extra database space? (Since encoding changes some
single characters into 4 characters.)
And step #2 is saving "safe text". (But it can't really harm anyone just
sitting in the database... as unsafe-text.)
And doesn't #4 convert the safe-text back into UNSAFE text? (Is that
wise????)

=======================

Or would this method make more sense:
A. Save the unsafe-text to the database... as-is.
then...
B. Load it from the database.
C. Encode it. (Converting unsafe-text to safe-text)
D. Display it to the user.

Help!
 
Joined
Apr 1, 2010
It has been 4 years since your post, and I hope you have figured it out by now. Your solution will work, but it will show all those odd characters in the display, i.e. > will be represented as &gt; and so on.
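
The two orderings from the question, plus the case where text is encoded both before storage and again at display, as an added example that is not part of either post. It assumes `System.Web.HttpUtility` (the encoder that `Server.HtmlEncode` calls), uses a constructed sample input, and models what the browser shows for text content as a single `HtmlDecode` pass.

```csharp
using System;
using System.Web; // HttpUtility.HtmlEncode / HtmlDecode

class EncodeOrderDemo
{
    // Constructed sample input standing in for TextBox.Text.
    const string Raw = "<script>alert(1)</script> & 5 > 3";

    // Steps 1-5 of the question: encode, store, load, decode, display.
    static string EncodeStoreDecode(string input)
    {
        string stored = HttpUtility.HtmlEncode(input); // value saved to the database
        return HttpUtility.HtmlDecode(stored);         // markup written to the page
    }

    // Steps A-D of the question: store as-is, load, encode, display.
    static string StoreRawEncodeOnOutput(string input)
    {
        string stored = input;                         // value saved to the database
        return HttpUtility.HtmlEncode(stored);         // markup written to the page
    }

    // Encoded before storage and encoded a second time at display.
    static string EncodeTwice(string input)
    {
        string stored = HttpUtility.HtmlEncode(input);
        return HttpUtility.HtmlEncode(stored);
    }

    static void Main()
    {
        string a = EncodeStoreDecode(Raw);
        string b = StoreRawEncodeOnOutput(Raw);
        string c = EncodeTwice(Raw);
        string encodedOnce = HttpUtility.HtmlEncode(Raw);

        Console.WriteLine("Steps 1-5 markup: " + a);
        Console.WriteLine("  same as raw input (live markup reaches the page): " + (a == Raw));
        Console.WriteLine("Steps A-D markup: " + b);
        Console.WriteLine("  browser shows the original text: " + (HttpUtility.HtmlDecode(b) == Raw));
        Console.WriteLine("Encoded twice markup: " + c);
        Console.WriteLine("  browser shows literal entities: " + (HttpUtility.HtmlDecode(c) == encodedOnce));
        Console.WriteLine("Stored length raw vs encoded: " + Raw.Length + " vs " + encodedOnce.Length);
    }
}
```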
 
