If you are using a database, you are probably using a server-side language. If it is
servlets and
JSP then use of the JSTL <c:out> action will automatically encode output properly.
I will disagree with Eric with regards to encoding the data sent to the database. That limits it usefulness for environments other than the web. The data should be encoded on
output.
[ October 16, 2006: Message edited by: Bear Bibeault ]