Actually, input might be the better option as one rarely needs to accept HTML or such special characters.
It's also a more common to display or use data than storing it, so you don't have that many places where you can fail when you just convert the input before storing it.
It's nice to be able to trust all data coming from the server.
It's also a more common to display or use data than storing it, so you don't have that many places where you can fail when you just convert the input before storing it.
It's nice to be able to trust all data coming from the server.