Erik Price wrote:


> Turn off magic_quotes and do addslashes() explicitly every time you do a 
> database insert.  Then make sure you always stripslash() data returned 
> from a database query.
> magic_quotes is convenient for newbies, but after a while you'll find it 
> only trips you up, as you've discovered.

I totally agree.

Security question: Is turning off magic_quotes and using 
strip/addslashes() a 100% effective solution against malicious user input?


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to