From: "Rasmus Lerdorf" <[EMAIL PROTECTED]>
Sent: Wednesday, April 04, 2001 7:22 PM
> > There was a discussion about things to break in 4.1. magic_quotes_gpc
would
> > definitely be my favourite. I'd like to see it set to off for good and
> > removed from php.ini.
>
> I'd be completely against removing the concept of magic_quotes altogether.
> We can discuss changing the default, but for someone writing simple sql
> pages, it is extremely handy to have PHP deal with escaping stuff for you
> so you don't have a bunch of addslashes() calls everywhere.
Agreed that it's handy and easy, but it's a two-edged sword. If you write
scripts that should be distributed on many different servers, it takes a lot
of code to account for both settings.
I'm one of those control freaks ;) that like to be in total charge about
what data goes in and out of my application. magic_quotes most certainly
messes with that. There are so many other converting methods in PHP that you
need to use, magic_quotes or not, (eg. urlencode/decode), so why must
addslashes be a default?
- Carsten
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
