Hello Jean-Christian,
      The answer is NO NO NO. At the beginning you have talked about
      security. You have to realize that there is no 100% protection
      against hackers. Using strip/addslashes will help you to filter
      some user input not all. :) So try to pick one way and go that
      way. if magic quotes are turned on you want need addslashes if
      they are off you will need them.

Wednesday, July 3, 2002, 6:21:37 PM, you wrote:

JCI> Erik Price wrote:


>> Turn off magic_quotes and do addslashes() explicitly every time you do a 
>> database insert.  Then make sure you always stripslash() data returned 
>> from a database query.
>> magic_quotes is convenient for newbies, but after a while you'll find it 
>> only trips you up, as you've discovered.

JCI> I totally agree.

JCI> Security question: Is turning off magic_quotes and using 
JCI> strip/addslashes() a 100% effective solution against malicious user input?


Best regards,
 Latex                            mailto:[EMAIL PROTECTED]

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to