On Thu, May 12, 2005 12:39 pm, James Williams said: > I'm pretty sure that, in order to use mysql_real_escape_string() you > must have magic quotes off or use stripslashes first... the same as > addslashes, so it should work if you just search and replace. Don't > quote me on that though Well, yes, but you see it's no longer as simple as a global search and replace, since there is no addslashes all over the place. I have to hand-examine every file in, what, almost a decade's worth of code spread over several dozen websites? What is the CURRENT security advantage, if any, to mysql_real_escape_string versus Magic Quotes? -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
