If you have magic_quotes_gpc = On in your php.ini file, which it is by
default, does one still need to have the addslashes function in their
coding?
When I'm inserting into my database, I have addslashes in place, and I
haven't change the default value of magic_quotes_qpc = On. I havn't
seen any
If you are doing both addslashes() and have magic_quotes_gpc turned on,
then yes, you are double-escaping things.
From a performance-perspective I doubt you could measure much difference,
but I suppose doing it through magic_quotes_gpc would be faster assuming
you need to escape all your GPC
I think always using addslashes is better because you have to write
clean cide instead of trusting in a funktion which can be disabled on
some servers.
To avoid double-escaping I use this code:
function stripslashes_array($array) {
reset($array);
while(list($key,$val)=each($array)) {
3 matches
Mail list logo
