On Thu, 4 Apr 2002, Erik Price wrote:
> I was hoping someone could just clarify something for me -- exactly WHAT
> is a Get/Post/Cookie operation in this case -- is it just during the
> uploading of Get/Post/Cookie data from the user agent, or is it also
> when I am taking a $_POST variable and passing it through a
> string-altering function, etc?

You're correct, it's just the first time the data enters your program's variable space.

Personally, I find magic_quotes_gpc to be an abomination. Maybe for kindergarten programs where you're just dumping from a form into a database it's a good handholding measure, but if you're trying to do any serious validation or post-processing of user-entered data, it's a pain.

I find it much simpler to turn it off, and then just addslashes all strings before they go into the database. I use a function to build my SQL inserts and updates, that takes an array of types, values, SQL field names, and field sizes. It does all necessary data preparation (calls intval on integers, addslashes and substr on strings, etc.) and then returns a SQL statement with clean data.

With something like that you don't have to try to keep track of addslashing and stripslashing all over the place, and you don't have any evil-data worries.

miguel

--
PHP General Mailing List (http://www.php.net/)
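
The helper described in the message above, as an added example that is not part of the original post: a type-driven INSERT builder that keeps the intval/substr preparation but swaps addslashes for PDO bound parameters. The function name, field-spec layout, and the `users` table are hypothetical, and the demo assumes the pdo_sqlite extension.

```php
<?php
// Added example, not the poster's code. Builds an INSERT from an array of
// column => [type, value, size], as the message describes, but returns
// placeholders plus a parameter map instead of an addslashes()-escaped string.

function build_insert(string $table, array $fields): array
{
    // Identifiers cannot be bound as parameters, so allow-list their shape.
    $ident = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    if (!preg_match($ident, $table)) {
        throw new InvalidArgumentException("bad table name");
    }
    $cols = [];
    $params = [];
    foreach ($fields as $name => [$type, $value, $size]) {
        if (!preg_match($ident, $name)) {
            throw new InvalidArgumentException("bad column name: $name");
        }
        switch ($type) {
            case 'int':
                $value = intval($value);                   // coercion the post mentions
                break;
            case 'string':
                $value = substr((string)$value, 0, $size); // enforce field size (bytes)
                break;
            default:
                throw new InvalidArgumentException("unknown type: $type");
        }
        $cols[] = $name;
        $params[":$name"] = $value;
    }
    $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)',
        $table, implode(', ', $cols), implode(', ', array_keys($params)));
    return [$sql, $params];
}

// Constructed sample input, as it would arrive with magic_quotes_gpc off.
[$sql, $params] = build_insert('users', [
    'name' => ['string', "Miles O'Brien", 40],
    'age'  => ['int', '42abc', null],
]);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, age INTEGER)');
$db->prepare($sql)->execute($params);   // values travel separately from the SQL text

echo $sql, "\n";
print_r($db->query('SELECT name, age FROM users')->fetch(PDO::FETCH_ASSOC));
```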