Storing HTML in SQL Server

VARCHAR(MAX) if it's all going to be ascii-based, say for basic HTML tepmplates

NVARCHAR(MAX) if the HTML could contain any content

NVARCHAR will double your storage use as it uses double the amount of space as VARCHAR. HTML itself does not require NVARCHAR, only the content in-between the HTML tags could based on the language, etc..

Edit:

Many years on from giving this answer I almost always use NVARCHAR now if there is any between the tag content. Unicode is popular...

I only use VARCHAR if just storing simple html templates, eg tags and placeholders

eg: <div><span>[PLACEHOLDER]</span><div>

Make the call based on your use-case..

Which datatype can be used for storing HTML files in database?

Since you want to store both the HTML of the web page as well as the images, you might want to consider storing the images in the file system instead. Here is a comparison of the advantages and disadvantages of both options:

Storing Images in DB - Yea or Nay?

If you decide to store them in the DB, the appropriate data types are:

nvarchar(MAX) for the HTML text and
varbinary(MAX) for the images.

How to save HTML code in Sql Server database for correct display?

Another possible solution is to replace the html tags before storing in database. What I did is :-

text=text.replaceAll("<", "<");
text=text.replaceAll(">", ">");

and then stored text in database and its working. Thanks to Bibin Mathew.

Is storing HTML as blob information in SQL Server a good idea?

It's (presumably) guaranteed to always textual data so there is little point in considering a binary type.

Classical blob types like IMAGE/TEXT are depreciated and should be avoided, instead if you are constrained by the maximum limit of a N/VARCHAR look at VARCHAR(MAX) or of the current BLOB offerings FILETABLE.

Best practice for storing HTML in mysql DB

Storing HTML in the database is not intrinsically unsafe, any more than storing plain text is intrinsically unsafe. The risk of SQL injection is trivially mitigated by using prepared statements and proper placeholders. Escaping is neither necessary nor is it best practice for preventing SQL injection. Prepared statements are.

Conversely, XSS and other HTML-related vunerabilities have nothing to do with the database and everything to do with rendering HTML to viewers from untrusted sources. The same vulnerabilities would be there if the HTML were simply stored in files, with no database at all, so there is no need to protect the database from malicious HTML. The database has no knowledge of or vulnerability to what's contained in stored HTML content, because it doesn't render or interpret the HTML... again, as long as your database interactions use prepared statements. There are no acceptable justifications for avoiding those.

To exaggerate the point to an extreme, it would be perfectly safe to store files containing viruses as blobs in a database, because the database does not execute the data stored in it, as code. The vulnerability would be to the users downloading those viruses.

Storing multi line html encoded string into sql

This was quite simple when i tried posting html code from middle ware.
The problem is when i tried to post an html code to database it was showing error because of some random double quotes. So while sending that html code from middle ware i just replaced the double quotes to ignore double quotes. i did like

my html code to be stored in db

var htmlCodeToBeStored = 
"<p>this kind of text i'm storing into database</p><pre class="code- 
 pre">var uri = "my test.asp?name=ståle&car=saab"; 
 var enc = encodeURI(uri);
 var dec = decodeURI(enc); 
 var res = enc + "<br>" + dec;
 </pre>"

I replaced above string with as below
htmlCodeToBeStored = htmlCodeToBeStored.replace(/"/g, "\"")

with that simple change i'm able to store my ans into data base.

Storing HTML in SQL Server