Apologies if you already received this message, I tried to send it
earlier from my webmail but it doesn't seem to have worked.
Al wrote:
Just use stripslashes() on your submitted data and forget about
testing for magic_quotes. It's good practice anyhow. \" is not legit
text regardless.
Using stripslashes() on all submitted data is most certainly *not* good
practice. If magic_quotes_gpc is later turned off or you're using one of
the versions of PHP with buggy magic_quotes_gpc support then you can
easily lose data. Reversing the effects of magic_quotes_gpc is far from
trivial, there's lots of potential for subtle bugs, let alone completely
forgetting about $_COOKIE.
See my earlier reply for a real solution.
Arpad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
