Decoding HTML tags in SQL

This function can be used as an additional safeguard against XSS attacks (users are prevented from saving tags in text).

ALTER FUNCTION [dbo].[str_htmlEncode]
(
    @UnEncoded as varchar(max)
)
RETURNS varchar(max)
AS
BEGIN
  --same width as the input and the return type, so long values are not truncated
  DECLARE @Encoded as varchar(max)

  --order is important here. Replace the amp first, then the lt and gt.
  --otherwise the & inside &lt; and &gt; would itself be re-encoded (giving &amp;lt;)
  SELECT @Encoded =
  Replace(
    Replace(
      Replace(@UnEncoded,'&','&amp;'),
    '<', '&lt;'),
  '>', '&gt;')

  RETURN @Encoded
END
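
A quick self-check for the function above, added here as an example and not part of the original page. It assumes dbo.str_htmlEncode already exists in the current database; the table variable and every input value are constructed for the test.

```sql
-- Added example: constructed test inputs for dbo.str_htmlEncode.
DECLARE @cases TABLE (
    id       int IDENTITY(1,1),
    note     varchar(60),
    input    varchar(max),
    expected varchar(max)
);

INSERT INTO @cases (note, input, expected) VALUES
  ('tags are neutralised',
   '<script>x</script>', '&lt;script&gt;x&lt;/script&gt;'),
  ('bare ampersand',
   'Tom & Jerry', 'Tom &amp; Jerry'),
  -- Already-encoded text is encoded again: call the function once, at one layer.
  ('already-encoded input',
   '&lt;b&gt;', '&amp;lt;b&amp;gt;'),
  -- Quotes pass through unchanged, so the result is suitable for element
  -- content only, not for placing inside an HTML attribute value.
  ('quotes are not encoded',
   'say "hi"', 'say "hi"');

-- 1000 x '<' must become 1000 x '&lt;' (4000 characters).
-- FAIL on this row means the function truncates its result.
INSERT INTO @cases (note, input, expected)
VALUES ('long input',
        REPLICATE(CAST('<' AS varchar(max)), 1000),
        REPLICATE(CAST('&lt;' AS varchar(max)), 1000));

SELECT c.id,
       c.note,
       CASE WHEN dbo.str_htmlEncode(c.input) = c.expected
            THEN 'PASS' ELSE 'FAIL' END      AS result,
       LEN(c.input)                          AS input_len,
       LEN(dbo.str_htmlEncode(c.input))      AS output_len
FROM @cases AS c
ORDER BY c.id;
```

Every row should report PASS; the long-input row should show input_len 1000 and output_len 4000.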
