On 12/20/2012 10:27 AM, David Mehler wrote:
Hello,
I just read the Php5 changelog. Legacy features specifically magic
quotes were removed, does that mean that any system running php 5.4 or
newer does not need to use either addslashes() or stripslashes() when
dealing with form input?
Thanks.
Dave.
As I understood it, addslashes was never preferred, nor was
magic_quotes=on. Now that magic_quotes is gone, you will have to make
sure that you are using some validation/sanitation method on your
incoming data. If you are using mysql for a db, then you should already
be using mysql_real_escape_string in place of addslashes.
The PHP manual has quite a bit on these subjects.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
