Re: Preventing SQL Injection/ Cross Site Scripting

On Tue, April 24, 2007 3:33 pm, Justin Frim wrote:
>   (unfortunately in PHP these are enabled by default.  AHH!  Which idiot
>   thought this was a good idea to turn them on by default?

Rasmus thought it was a Good Idea because it was very convenient for
his needs at the time, which was simple form processing, cramming it
into the DB, in an era where SQL injection and XSS attacks had about
the same contextual relevance as "AIDS" had in the Summer of
Love... (I.e., none)

Then we were trying to avoid breaking BC in a big way, which may have
been a mistake, but there it is.

I think maybe I recall reading that PHP 6 won't even have Magic
Quotes, much less have them on by default...

But maybe that was just a dream...

You can Google for Derick Rethan's (sp?) Paris PHP Meeting Notes of a
PHP 6 roadmap and find out for sure, or check Lukas' PHP ToDo Wiki to
be even more current/certain.

PS It's sure a lot easier when you have some control over the
environment and can just turn the dang things off in .htaccess :-)

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

