Yasuo Ohgaki wrote:
> Stefan Esser wrote:
>
>> magic_quotes_by_default is a nice way to make scripts (written by novices)
>> safer. Unfortunately mqbd forces you to write unsecure scripts. If you put
>> such scripts onto a server that doesn't have mqbd they are insecure.
>
> This is true. I bet many novices write insecure scripts.
> It may not be a good idea for PHP 4.2 :(
>
> I'll add more description to
> http://www.php.net/manual/en/security.variables.php
> and try again for PHP5.
>
> > Hmmm btw... This idea just came to my mind and I don't know if it would be
> > too much overhead, but what about keeping track of what variables got
> > already magically quoted and do not quote them again if the script wants it.
>
> This idea sounds nice to me :)

Forgot to ask if anyone objects to making magic quotes off by default for PHP5.
Anyone?

--
Yasuo Ohgaki

--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
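
The two points raised in the thread, shown as an added example that is not code from the thread or from PHP itself: a script that relies on server-side quoting is unescaped where quoting is off, a script that always quotes again double-escapes where it is on, and tracking whether a value was already quoted avoids both. `TrackedValue` and `from_request()` are hypothetical names, the input is constructed, and `addslashes()` stands in for the quoting that magic quotes applied to request data.

```php
<?php
// Added illustration; TrackedValue and from_request() are hypothetical names.
final class TrackedValue
{
    private $value;   // the string exactly as the server delivered it
    private $quoted;  // true if the server already applied addslashes()

    public function __construct(string $value, bool $quoted)
    {
        $this->value  = $value;
        $this->quoted = $quoted;
    }

    // Return the addslashes() form exactly once, whatever the server did.
    public function quoted(): string
    {
        return $this->quoted ? $this->value : addslashes($this->value);
    }

    // Return the original bytes, undoing server-side quoting if it happened.
    public function raw(): string
    {
        return $this->quoted ? stripslashes($this->value) : $this->value;
    }
}

// Wrap a request value together with the server's quoting state.
function from_request(string $delivered, bool $serverQuotes): TrackedValue
{
    return new TrackedValue($delivered, $serverQuotes);
}

$name = "O'Reilly"; // what the user typed (constructed sample input)

foreach ([true, false] as $serverQuotes) {
    // What the script receives with server-side quoting on or off.
    $delivered = $serverQuotes ? addslashes($name) : $name;

    $naive  = $delivered;             // script written assuming quoting is on
    $always = addslashes($delivered); // script that quotes again regardless
    $once   = from_request($delivered, $serverQuotes)->quoted();

    printf("server quoting %-3s naive=%s always=%s tracked=%s\n",
        $serverQuotes ? 'on' : 'off', $naive, $always, $once);
}
```

Only the tracked column is the same in both configurations; `raw()` gives back the original string for code that needs the unquoted value.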