Re: SQL injection

Please, enlighten us all and demonstrate a case of SQL Injection that
gets around magic quotes.  I know I am trying to think of one - and I
can't come up with one.  Instead of just claiming it to be 'evil' why
don't you actually back the statement up with some reasoned arguments?

I hate FUD.

Alex

On 11/3/05, Hannes Dorbath <light@xxxxxxxxxxxxxxxxxxxx> wrote:
> On 03.11.2005 04:12, Alex Turner wrote:
> > I would have to say that for security purposes - I would want magic
> > quotes _on_ rather than off for the whole reasons of SQL Injection
> > that we already talked about.
>
> magic_quotes is evil and does if anything only prevent the simplest
> cases of SQL injections. Keep it turned off. Use
> http://php.net/pg_query_params exclusively to build secure queries.
>
>
> --
> Regards,
> Hannes Dorbath
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: don't forget to increase your free space map settings
>
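
The two approaches contrasted in this exchange, side by side, as an added example that is not part of either message: automatic quote escaping applied to a value that lands in an unquoted numeric position, next to the same lookup through `pg_query_params`. The `accounts` table, its integer `id` column and the `PG_CONNINFO` environment variable are assumptions, and the inputs are constructed.

```php
<?php
// Added example; the accounts table, its integer id column and the
// PG_CONNINFO environment variable are assumptions, not from the thread.

// magic_quotes_gpc ran the equivalent of addslashes() over request data.
function magic_quoted(string $raw): string
{
    return addslashes($raw);
}

// String-built query: the value is spliced into the SQL text itself.
function interpolated_query(string $id): string
{
    return 'SELECT name FROM accounts WHERE id = ' . magic_quoted($id);
}

// Constructed inputs: an ordinary id, and text containing no quote,
// backslash or NUL characters for addslashes() to act on.
$inputs = ['42', '0 OR 1=1'];

foreach ($inputs as $id) {
    // The second value passes through unchanged, so the WHERE clause the
    // server parses is no longer the one the developer wrote.
    $unchanged = var_export(magic_quoted($id) === $id, true);
    printf("unchanged=%-5s sql=%s\n", $unchanged, interpolated_query($id));
}

// Parameterized form: the SQL text is a constant and the value is sent
// separately, so it can only ever be treated as data for $1.
$sql = 'SELECT name FROM accounts WHERE id = $1';

$conninfo = getenv('PG_CONNINFO');
if ($conninfo !== false && function_exists('pg_connect')) {
    $conn = pg_connect($conninfo);
    if ($conn) {
        foreach ($inputs as $id) {
            $res = @pg_query_params($conn, $sql, [$id]);
            // For '0 OR 1=1' the server rejects the value as an invalid integer.
            echo $id, ' => ', $res === false ? pg_last_error($conn) : pg_num_rows($res) . ' row(s)', "\n";
        }
    }
}
```

The first half runs without a database; the `pg_query_params` half runs only when `PG_CONNINFO` points at a reachable server.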
