The answer is NO NO NO. At the beginning you have talked about
security. You have to realize that there is no 100% protection
against hackers. Using strip/addslashes will help you to filter
some user input, not all. :) So try to pick one way and go that
way. If magic quotes are turned on you won't need addslashes; if
they are off you will need them.
Wednesday, July 3, 2002, 6:21:37 PM, you wrote:
JCI> Erik Price wrote:
>> Turn off magic_quotes and do addslashes() explicitly every time you do a
>> database insert. Then make sure you always stripslash() data returned
>> from a database query.
>> magic_quotes is convenient for newbies, but after a while you'll find it
>> only trips you up, as you've discovered.
JCI> I totally agree.
JCI> Security question: Is turning off magic_quotes and using
JCI> strip/addslashes() a 100% effective solution against malicious user input?
Latex mailto:[EMAIL PROTECTED]
PHP General Mailing List (http://www.php.net/)
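The double escaping that the advice in this thread is meant to avoid, as an added example that is not part of the original messages: the helper names and the sample value are constructed for illustration, and the magic_quotes state is passed in as a parameter (an assumption) so the script also runs on PHP versions that no longer have the setting.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical.

// Undo the automatic escaping only when magic_quotes applied it,
// so the rest of the script always works with the value as typed.
function to_raw(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Escape exactly once, whatever the server setting is.
function escape_once(string $value, bool $magicQuotesOn): string
{
    return addslashes(to_raw($value, $magicQuotesOn));
}

// Constructed sample: what the user typed into the form.
$typed = "O'Reilly \\ Sons";

foreach ([false, true] as $magicQuotesOn) {
    // What the script receives: magic_quotes behaves like an implicit addslashes().
    $received = $magicQuotesOn ? addslashes($typed) : $typed;

    $naive = addslashes($received);                  // always escaping explicitly
    $once  = escape_once($received, $magicQuotesOn); // normalise first, then escape

    printf(
        "magic_quotes=%-3s received=%-22s naive=%-28s once=%s\n",
        $magicQuotesOn ? 'on' : 'off',
        $received,
        $naive,
        $once
    );

    // The once-escaped value always round-trips to what the user typed.
    if (stripslashes($once) !== $typed) {
        throw new RuntimeException('escape_once changed the data');
    }
    // With magic_quotes on, the naive value is escaped twice, so one
    // unescaping step leaves stray backslashes in the stored data.
    if ($magicQuotesOn && stripslashes($naive) === $typed) {
        throw new RuntimeException('expected double escaping');
    }
}
```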