On 12/20/2012 10:27 AM, David Mehler wrote:

I just read the Php5 changelog. Legacy features specifically magic
quotes were removed, does that mean that any system running php 5.4 or
newer does not need to use either addslashes() or stripslashes() when
dealing with form input?


As I understood it, addslashes was never preferred, nor was magic_quotes=on. Now that magic_quotes is gone, you will have to make sure that you are using some validation/sanitation method on your incoming data. If you are using mysql for a db, then you should already be using mysql_real_escape_string in place of addslashes.

The PHP manual has quite a bit on these subjects.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to