Re: Performance of magic_quotes_gpc ??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2004-12-19 at 18:31, Michael Gale wrote:
> Hello,
> 
> 	I am working on a ticket tracking system and using htmlentities and 
> htmlspecialchars on text that gets inserted into the database.
> 
> code I have:
> 
> --snip--
> if ((isset($_POST['tentry_body'])) AND strlen($_POST['tentry_body']) > 5) {
> $query .= " tentry_body = '" . 
> htmlentities(htmlspecialchars($_POST['tentry_body'])) . "'";
>   } else {
>   $status="<li class=error>ERROR with entry -- appears to be empty 
> !!!!!</li>\n";
>   $check=1;
>   }
> --snip--
> 
> In the archives people suggest that using mysql_escape_string should be 
> used, I then found that you could globally enable magic_quotes_gpc.
> 
> What is the best method ? Does magic_quotes have a large performance 
> issue ??
> 
> Would it not just be safer to turn it on ??

Learn to write secure code for yourself. Magic quotes are an illusion.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux