--- Leon Rosenberg wrote:
> And even with an rdbms, have you ever tried to
> update like 1.000.000 rows of an in production db 
> under traffic?

Stuff like that happens all the time, although I tend
to do such things at low-traffic times or on a
replicated DB (yeah, moving it back takes time too,
but that's data for ya').

If the traffic is that high then running it through
that huge regexp on each output will be expensive too.

> First of all the user data remain untouched. This
> could have some legal issues. 

If that's a huge problem, then duplicate the data; one
raw, one filtered.

> Then, encoding is cheaper than regexp. Much cheaper.
> And you have to encode anyway, since you want to
> deliver valid html, don't you?

Encoding? Not if you want the HTML to contain markup,
which was what the OP said.

> 2. Avoiding DOS exposition since filtering,
> especially with regexp, is very expensive.

If you need to remove only specific (X)HTML element
*attributes* it's going to be expensive anyway. It's
cheaper to do it once.

You might, btw, need to watch out for content and/or
functionality generated via CSS/styling; I don't think
this is an issue with IE yet, but w/ Moz-based
browsers it *might* be.

d.



 