On Nov 2, 2005, at 6:08 PM, Michael Glaesemann wrote:
As an aside, it's interesting to see that the PHP documentation states:
---
Magic Quotes is a process that automagically escapes incoming data to
the PHP script. It's preferred to code with magic quotes off and to
instead escape the data at runtime, as needed.
Haven't been totally immersed in this thread but here are reasons given
for not using Magic Quotes:
http://us2.php.net/manual/en/security.magicquotes.whynot.php
And here is pg_escape_string() :
http://us3.php.net/manual/en/function.pg-escape-string.php
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@xxxxxxxxxxxxxx so that your
message can get through to the mailing list cleanly
