Re[2]: Double checking - I should turn off "magic quotes"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Dave,

Monday, June 4, 2007, 3:25:25 PM, you wrote:

>> No, you should check the ini setting in your code and react accordingly.
>>   
> Sorry, I don't quite follow you here. If I turn magic quotes off on both
> my testing environment and my server, as is "preferable" according to 
> the manual, then my ini file will conform to that.

> But I don't see how that relates to the portability of the code. As much
> as possible, I'd like to have others be able to run my scripts with 
> minimum hassle.

> If I make my development environment and my own web hosting server 
> conform to the "preferable" set up, but most servers default to having
> magic quotes on, then won't my code break on most people's servers?

In your code you check to see if magic quotes is enabled or not:

http://uk2.php.net/manual/en/function.get-magic-quotes-runtime.php
http://uk2.php.net/manual/en/function.get-magic-quotes-gpc.php

You can check if magic quotes is on, and if so you can strip the
incoming data accordingly. You cannot disable GPC quoting unless you
have access to set php values (ini file, htaccess, etc), but you *can*
disable runtime quoting (which is what happens when data is fetched
from a database). On the basis that you can't disable GPC quoting you
only need to know what state the data you receive will be in, and
treat it accordingly.

Cheers,

Rich
-- 
Zend Certified Engineer
http://www.corephp.co.uk

"Never trust a computer you can't throw out of a window"

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux