Should we HTML-encode special characters before storing them in the database?

Question

I use MySQL to store data and my web pages are all encoded as UTF-8. I have a lot of Portuguese characters such as ç and õ and I\'m wondering if I

Answer 1

I would argue that encoding on the way into the database is actually a security risk, because it means you presumably won't be encoding between database and browser (as this would lead to double encoding). That means that if there is a route either now or in future for unencoded data to get into your database then that will be sent to the browser unencoded. Better to encode between database and browser and therefore store unencoded IMHO.