Erik Price wrote:
> Turn off magic_quotes and do addslashes() explicitly every time you do a
> database insert. Then make sure you always stripslash() data returned
> from a database query.
> magic_quotes is convenient for newbies, but after a while you'll find it
> only trips you up, as you've discovered.
I totally agree.
Security question: Is turning off magic_quotes and using
strip/addslashes() a 100% effective solution against malicious user input?
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php