Lukas Smith wrote:
> 
> Actually the default is on and even though I do not like them myself I
> think this is what most people develop against. So I guess it might make
> things easier if you keep it on as well.

I don't think it makes things easy. See what magic_quotes_gpc means:
quote in the MySQL style all the variables that come from POST, GET or
COOKIES. So the default php installation blatantly assumes that: "All the
vars you get from forms or cookies will be inserted in a MySQL database
by a user who doesn't take care of quoting data before inserting (or it
will result in double quoting)", does this make any sense?

Just for informing people about this: turn off magic_quotes_gpc if you
use placeholders (prepare/execute) with PEAR DB!!

Tell people that they should take care of quoting data by themselves
and tell them that there is a nice mysql_escape_string() func for that. At
least it would be kind if the build process could put this directive to Off
if you use --without-mysql and also if more backends are specified.

> Anyways you can of course make your code aware of this feature and if
> it's on or off (get_magic_quotes() ... iirc) .

That is not always possible as many times you are unable to know if a var
comes from "GPC" untouched or not. It's even worse, because people are
not able to disable magic_quotes_gpc with ini_set() (for people who
don't have access to php.ini or .htaccess).

Just my wishes to see a change on this.

Tomas V.V.Cox
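
The double quoting described in the message above, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database standing in for PEAR DB's prepare/execute, and addslashes() standing in for the magic_quotes_gpc setting; the table and helper names are hypothetical.

```php
<?php
// Constructed input: what a form field would contain as the user typed it.
$typed = "O'Reilly";

// magic_quotes_gpc ran addslashes() over every GET/POST/COOKIE value before
// the script saw it. Simulated here with a hypothetical helper, since the
// point is the effect on the data, not the ini setting itself.
function simulate_magic_quotes_gpc(string $value): string
{
    return addslashes($value);
}

// Hypothetical helper: store one value through a placeholder and read it back.
function store_and_fetch(PDO $db, string $value): string
{
    $db->exec('DELETE FROM authors');
    $stmt = $db->prepare('INSERT INTO authors (name) VALUES (?)');
    $stmt->execute([$value]);
    return $db->query('SELECT name FROM authors')->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (name TEXT)');

$from_request = simulate_magic_quotes_gpc($typed);

// Case 1: the pre-quoted value is bound to a placeholder. The driver treats
// it purely as data, so the added backslash is stored as part of the name.
$corrupted = store_and_fetch($db, $from_request);

// Case 2: undo the automatic quoting first, then bind. The placeholder
// alone handles the apostrophe and the stored value matches what was typed.
$clean = store_and_fetch($db, stripslashes($from_request));

printf("typed:              %s\n", $typed);
printf("seen by the script: %s\n", $from_request);
printf("stored, case 1:     %s\n", $corrupted);
printf("stored, case 2:     %s\n", $clean);
```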

-- 
PHP Development Mailing List <http://www.php.net/>