PHP General,
I've read on the manual that it's "preferred to code with magic quotes
off and to instead escape the data at runtime, as needed":
Recently, while configuring my PHP so as to install the GD libraries,
that the default option was to have magic quotes turned on.
I just want to double check here what to do. Should I disable magic
quotes on my server?
Also, I'm developing code that I hope others can use. For the purposes
of portability, is it safe to assume that most environments will have
magic quotes off, and build for that?
So I should disable magic quotes on my testing environment and do my own
escaping?
While I'm asking about escaping, is converting characters like
apostrophes and ampersands to hex characters before storing them in a
MySQL database a safe way to go?
Thank you for any advice.
--
Dave M G
Ubuntu Feisty 7.04
Kernel 2.6.20-15-386
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
