Erik Price wrote:

> Turn off magic_quotes and do addslashes() explicitly every time you do a 
> database insert.  Then make sure you always stripslash() data returned 
> from a database query.
> 
> magic_quotes is convenient for newbies, but after a while you'll find it 
> only trips you up, as you've discovered.


I totally agree.

Security question: Is turning off magic_quotes and using 
strip/addslashes() a 100% effective solution against malicious user input?

Jc


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
