> Disabling magic quote will reduce amount of code and increase
> performance a little, unless application is very small. Without
> magic_quote, script does not have to get rid of slashes to use
> value from browser and add slashes again before feeding to
> database. Code would be cleaner and easier to read also.
> (Especially for programmers are not used to PHP.)
And, you should never assume magic quotes is on or off. If you're
developing for an environment you cannot control, but using an
environment that you CAN control, you should code around magic
quotes' presence or absence as neccessary:
<?
if (!get_magic_quotes_gpc())
{
// Magic quotes is off
$variable = addslashes($variable)
}
// Now it's safe to do a DB insertion.
?>
This code would happily exist on servers both with and without
magic quotes enabled.
Jason
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
- [PHP] is it safe to stripslashes() on all form varia... Noah Spitzer-Williams
- Re: [PHP] is it safe to stripslashes() on all f... Plutarck
- Re: [PHP] is it safe to stripslashes() on all f... Yasuo Ohgaki
- Re: [PHP] is it safe to stripslashes() on a... Noah Spitzer-Williams
- Re: [PHP] is it safe to stripslashes() on all f... Alexander Skwar
- Re: [PHP] is it safe to stripslashes() on all f... Yasuo Ohgaki
- Re: [PHP] is it safe to stripslashes() on a... Yasuo Ohgaki
- Jason Murray
