Beware of doubly escaped ampersands

It's not uncommon to see web pages with text showing incorrectly as &quot;blah&quot; instead of "blah". (A simple web search for the literal string '&quot;' returns numerous examples of the error.)

This is caused by overzealous escaping of special characters. The ampersand character '&', in particular, is doubly special: it is itself a character that must be escaped (as '&amp;'), and it also introduces every escape sequence, as in '&gt;' and '&quot;'.

If text containing any special character is escaped twice, the problem above occurs: the first pass turns the character into an entity, the second pass escapes the ampersand that begins that entity, and the browser, which decodes only once, displays the entity name as literal text. A simple example shows why:
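The example below is added here and is not code from the original page; the small escape function and the "browser" function are simplified stand-ins for a real template engine and a real HTML parser. It escapes the same input once and twice, shows what a browser renders for each, and includes a heuristic scanner for already double-escaped text that can be run over stored data.

```python
import html
import re

# Added example (not from the original page). escape_html is a minimal
# stand-in for a real escaping routine; browser_text mimics the single
# entity-decoding pass a browser applies to text content.

ENTITIES = {"<": "&lt;", ">": "&gt;", '"': "&quot;"}


def escape_html(text: str) -> str:
    """Escape the HTML-special characters.

    '&' is replaced first on purpose: every other replacement introduces an
    '&', and doing '&' last would escape those too (the bug in miniature).
    """
    text = text.replace("&", "&amp;")
    for ch, entity in ENTITIES.items():
        text = text.replace(ch, entity)
    return text


def escape_n(text: str, times: int) -> str:
    """Apply escape_html repeatedly, as a chain of careless layers would."""
    for _ in range(times):
        text = escape_html(text)
    return text


def browser_text(markup: str) -> str:
    """What the user sees: entities in text content are decoded exactly once."""
    return html.unescape(markup)


# An entity whose leading '&' has itself been escaped, e.g. '&amp;quot;'.
# Heuristic only: a user who typed the literal text '&quot;' legitimately
# produces the same bytes after a single, correct escaping.
DOUBLE_ESCAPED = re.compile(r"&amp;(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);")


def find_double_escaped(markup: str) -> list:
    """Return every suspicious '&amp;name;' sequence in a stored or rendered string."""
    return DOUBLE_ESCAPED.findall(markup)


def demo() -> dict:
    raw = '"blah"'
    once = escape_n(raw, 1)   # &quot;blah&quot;
    twice = escape_n(raw, 2)  # &amp;quot;blah&amp;quot;
    return {
        "once": once,
        "twice": twice,
        "shown_once": browser_text(once),    # "blah"        (correct)
        "shown_twice": browser_text(twice),  # &quot;blah&quot; (the bug)
        # Text with no special characters survives any number of passes,
        # which is why the bug only shows up on some records.
        "plain_five_times": escape_n("blah", 5),
        "suspects": find_double_escaped(twice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>16}: {value!r}")
```

The scanner is worth pointing at the database directly: a query for rows containing '&amp;' followed by an entity name locates records that were escaped before storage, and the false-positive case noted in the comment (a user who really typed '&quot;') is rare enough to review by hand.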

The most common cause of such double escaping occurs by:

Since escaping is tied to HTML, that is, to the presentation layer, the database should not store data in its escaped form; escape once, at the point where the text is written into the page. The wrong fix is to stop escaping on output so that already-escaped rows look right again: that reintroduces script injection for every row that was stored raw. Repair the stored data instead.
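The pipeline below is added here as an illustration and is not the original page's code; a dict stands in for the database table, and the two functions are assumed layouts of "escape before storing" versus "store raw, escape when rendering". It also shows why escaped storage hurts non-HTML consumers (a JSON API receives entities) and that the correct layout still neutralises a script tag.

```python
import html
import json

# Added example (not from the original page). CommentStore stands in for a
# database table; the two *_then_render functions are the assumed wrong and
# right placements of HTML escaping in an application.


class CommentStore:
    """Minimal in-memory stand-in for a table of user-submitted comments."""

    def __init__(self) -> None:
        self.rows = {}

    def insert(self, comment_id: int, body: str) -> None:
        self.rows[comment_id] = body

    def fetch(self, comment_id: int) -> str:
        return self.rows[comment_id]


def escape_html(text: str) -> str:
    """Standard-library escaping of & < > " and '."""
    return html.escape(text, quote=True)


def store_escaped_then_render(store: CommentStore, comment_id: int, user_input: str) -> str:
    """Wrong: escaped on the way into the database and again by the template."""
    store.insert(comment_id, escape_html(user_input))
    return escape_html(store.fetch(comment_id))


def store_raw_then_render(store: CommentStore, comment_id: int, user_input: str) -> str:
    """Right: the database keeps the text as typed; the template escapes once."""
    store.insert(comment_id, user_input)
    return escape_html(store.fetch(comment_id))


def browser_text(markup: str) -> str:
    """What the reader sees: a single entity-decoding pass over text content."""
    return html.unescape(markup)


def api_payload(store: CommentStore, comment_id: int) -> str:
    """A second consumer of the same row. JSON has its own quoting rules and
    wants the raw text, not HTML entities."""
    return json.dumps({"body": store.fetch(comment_id)})


def repair_stored_value(body: str) -> str:
    """One-off migration for rows that were escaped before storage.

    Assumes exactly one stray escaping pass; run find-and-review first if the
    data may have been escaped a varying number of times.
    """
    return html.unescape(body)


if __name__ == "__main__":
    db = CommentStore()
    quoted = '"blah"'
    hostile = "<script>alert(1)</script>"  # constructed sample input

    print("wrong :", store_escaped_then_render(db, 1, quoted))
    print("  seen:", browser_text(store_escaped_then_render(db, 1, quoted)))
    print("right :", store_raw_then_render(db, 2, quoted))
    print("  seen:", browser_text(store_raw_then_render(db, 2, quoted)))
    print("script:", store_raw_then_render(db, 3, hostile))
    print("api(1):", api_payload(db, 1))
    print("api(2):", api_payload(db, 2))
    print("repair:", repair_stored_value(db.fetch(1)))
```

Note that the "right" pipeline still escapes the hostile input; the fix for double escaping is moving the escaping to the presentation layer, never removing it.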

See Also:
Escape special characters
Beware of common hacks