Magic quotes good or Bad?

Hi guys.

I've just read an article that gives a good explanation of escaping single quote characters with slashes. The author then says that magic_quotes_gpc can do this for you if enabled on your server. He then also mentions that if your magic_quotes_gpc are not turned on/enabled, you could use addslashes() with the same result, and that when retrieving info from the database we need to use stripslashes().

All seems hunky dory, but then he concludes that magic_quotes_gpc are evil, as we have less control over the information we receive, which does make sense. So should I avoid magic_quotes_gpc altogether? My local development server has them enabled, and when testing the input of a text field that does a select query I input 'hello' (including single quotes) and it works really well with the single quotes escaped. But my live server has them disabled and therefore the single quotes break the SQL statement. So on my live server should I enable magic_quotes_gpc or should I use addslashes() and stripslashes()?

Thanks in advance.
--

Angelo

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
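
The situation described in the post, as an added example that is not part of the original message: it shows what the same 'hello' input does to the statement on a server with magic_quotes_gpc on and on one with it off, with and without addslashes() in the script. The `$magicQuotesOn` flag, the function names, the `notes`/`title` names and the MySQL-style backslash handling are assumptions of the example.

```php
<?php
// Added example, not code from the original post.
// Assumption: MySQL-style string literals, where a backslash escapes a quote.

// Model how a request value reaches the script. $magicQuotesOn is a
// hypothetical flag standing in for the server's magic_quotes_gpc setting.
function receive_input(string $raw, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? addslashes($raw) : $raw;
}

// True when a single quote in $value is not preceded by an escaping backslash,
// so it would end the SQL string literal early.
function has_unescaped_quote(string $value): bool
{
    for ($i = 0, $len = strlen($value); $i < $len; $i++) {
        if ($value[$i] === '\\') {
            $i++;            // skip the character this backslash escapes
        } elseif ($value[$i] === "'") {
            return true;
        }
    }
    return false;
}

// The value the database compares against: parsing the literal consumes one
// level of backslashes, which stripslashes() models here.
function value_seen_by_database(string $value): string
{
    return has_unescaped_quote($value) ? '(statement fails)' : stripslashes($value);
}

$raw = "'hello'"; // constructed sample: the input from the post

$cases = [
    'live: quotes off, no escaping'     => receive_input($raw, false),
    'dev:  quotes on, no escaping'      => receive_input($raw, true),
    'live: quotes off, addslashes()'    => addslashes(receive_input($raw, false)),
    'dev:  quotes on, addslashes() too' => addslashes(receive_input($raw, true)),
];

foreach ($cases as $label => $value) {
    // "notes" and "title" are constructed names for this example.
    $sql = "SELECT * FROM notes WHERE title = '" . $value . "'";
    printf("%-34s %s\n    database sees: %s\n", $label, $sql, value_seen_by_database($value));
}
```

The last two rows run identical script code, yet the database sees different values depending only on the server setting.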

