>I think the more likely attack is actually due to how annoying
>magic_quotes is. You have to remove it to do any work, then you have to
>remember to put it back on because you aren't escaping your sql.
>David

What exactly do you mean by 'You have to remove it to do any work'?

Seems that the only and best way to prevent mysql injection is the combination of mysql_real_escape_string combined with value validation.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
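An added example, not code from this thread: how magic_quotes-style slashing interacts with explicit escaping, and why the reply above pairs escaping with value validation. `model_real_escape()` and `model_stored_value()` are hypothetical stand-ins (the first applies the character set that `mysql_real_escape_string()` escapes, the second is a simplified model of how the server reads a quoted literal) so the script runs without a database connection.

```php
<?php
// Hypothetical stand-in for mysql_real_escape_string(): same escaped
// characters (NUL, \n, \r, \, ', ", Ctrl-Z), but no connection needed.
function model_real_escape(string $s): string {
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// Simplified model of the value the server keeps after parsing a quoted
// string literal (sufficient for the backslash and quote cases used here).
function model_stored_value(string $literal): string {
    return stripslashes($literal);
}

$typed = "O'Reilly";          // constructed sample input
$gpc   = addslashes($typed);  // magic_quotes_gpc behaves like addslashes()

// Escaping on top of magic_quotes: the data is slashed twice.
$double = model_real_escape($gpc);
// Undoing magic_quotes first, then escaping once at the query boundary.
$single = model_real_escape(stripslashes($gpc));

printf("escaped twice: %s  stored as: %s\n", $double, model_stored_value($double));
printf("escaped once:  %s  stored as: %s\n", $single, model_stored_value($single));

// Escaping alone does not protect an unquoted numeric context such as
// "WHERE id = $id": this value contains nothing the escaper touches.
$id = "1 OR 1=1";             // constructed sample input
printf("unchanged by escaping: %s\n", var_export(model_real_escape($id) === $id, true));
// Value validation is what rejects it before it reaches the query.
printf("passes digit check:    %s\n", var_export(ctype_digit($id), true));
```

The first pair of lines shows the stray backslash that ends up in stored data when both mechanisms are applied; the second pair shows a value that escaping leaves untouched and validation rejects.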