magic_quotes_by_default is a nice way to make scripts (written by novices)
safer. Unfortunately mqbd forces you to write insecure scripts. If you put
such scripts onto a server that doesn't have mqbd they are insecure.

From my point of view enabling mq by default was a very very bad idea,
because it's the wrong way to fight insecure scripts. People must learn
what they have to do and what they must not do. Anyway it would be even
worse to disable mq by default in the next release. It would not break
many scripts, I guess, but it would break their security, because most
scripts are not designed to work without mqbd today.

Hmmm btw... This idea just came to my mind and I don't know if it would be
too much overhead, but what about keeping track of which variables have
already been magically quoted and not quoting them again if the script
wants it?

Stefan Esser


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
