I couldn't tell you the technicals of it, but just from the php
documentation: "This function must always (with few exceptions) be used
to make data safe before sending a query to MySQL."

On 5/12/05, Richard Lynch <ceo@xxxxxxxxx> wrote:
> On Thu, May 12, 2005 12:39 pm, James Williams said:
> > I'm pretty sure that, in order to use mysql_real_escape_string() you
> > must have magic quotes off or use stripslashes first... the same as
> > addslashes, so it should work if you just search and replace. Don't
> > quote me on that though
>
> Well, yes, but you see it's no longer as simple as a global search and
> replace, since there is no addslashes all over the place.
>
> I have to hand-examine every file in, what, almost a decade's worth of
> code spread over several dozen websites?
>
> What is the CURRENT security advantage, if any, to
> mysql_real_escape_string versus Magic Quotes?
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>

--
jamwil.com
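The "magic quotes off or stripslashes first" point from the quoted message, as an added example that is not code from anyone in the thread: it shows the double escaping that results when input already escaped by Magic Quotes is escaped again, and the stripslashes-first order that avoids it. Assumptions: `addslashes()` stands in for what `magic_quotes_gpc` does to request data, and `emulate_real_escape()`, `prepare_for_query()` and `value_mysql_stores()` are hypothetical helpers; the emulation covers the single-byte case only so the script runs without a MySQL connection.

```php
<?php
// Stand-in for mysql_real_escape_string() (assumption: single-byte charset,
// no live MySQL link). Escapes NUL, \n, \r, \, ', " and Ctrl-Z.
function emulate_real_escape($s)
{
    return strtr($s, array(
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\\" => "\\\\",
        "'"  => "\\'", '"'  => '\\"', "\x1a" => "\\Z",
    ));
}

// Hypothetical helper: undo Magic Quotes escaping when it is active,
// then escape exactly once for the query.
function prepare_for_query($value, $magicQuotesOn)
{
    if ($magicQuotesOn) {
        $value = stripslashes($value);
    }
    return emulate_real_escape($value);
}

// Hypothetical helper: the value MySQL keeps after parsing the quoted
// literal (reverses only the escapes produced above).
function value_mysql_stores($escaped)
{
    return strtr($escaped, array(
        "\\0" => "\0", "\\n" => "\n", "\\r" => "\r", "\\\\" => "\\",
        "\\'" => "'",  '\\"' => '"',  "\\Z" => "\x1a",
    ));
}

// Constructed sample input.
$raw = "O'Reilly";

// What the script receives when magic_quotes_gpc is On.
$gpc = addslashes($raw);

// Escaping the already-escaped value: a literal backslash ends up stored.
$double = emulate_real_escape($gpc);

// stripslashes first, then escape once: the original value is stored.
$once = prepare_for_query($gpc, true);

printf("received from request : %s\n", $gpc);
printf("escaped twice         : %s -> stored as %s\n", $double, value_mysql_stores($double));
printf("stripslashes + escape : %s -> stored as %s\n", $once, value_mysql_stores($once));
```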