Re: [PHP] Double checking - I should turn off magic quotes

2007-06-09 Thread Dave M G
David, Thank you for replying. The way you write that makes me hope you understand how mysql_real_escape_string should be used. You do understand that you don't run it on the query, rather on the individual string variables that will be passed to the query. Thank you for your concern and

Re: [PHP] Double checking - I should turn off magic quotes

2007-06-06 Thread Jochem Maas
Richard Lynch wrote: On Mon, June 4, 2007 9:02 am, Dave M G wrote: I've read on the manual that it's preferred to code with magic quotes off and to instead escape the data at runtime, as needed: Recently, while configuring my PHP so as to install the GD libraries, that the default option was

Re: [PHP] Double checking - I should turn off magic quotes

2007-06-06 Thread David Robley
Dave M G wrote: Robert, PHP General, Thank you for replying and explaining the situation clearly. Neither! It means using mysql_real_escape_string(): http://www.php.net/manual/en/function.mysql-real-escape-string.php I have now made it so each and every query to the database passes

Re: [PHP] Double checking - I should turn off magic quotes

2007-06-05 Thread Richard Lynch
On Mon, June 4, 2007 9:02 am, Dave M G wrote: I've read on the manual that it's preferred to code with magic quotes off and to instead escape the data at runtime, as needed: Recently, while configuring my PHP so as to install the GD libraries, that the default option was to have magic quotes

Re: [PHP] Double checking - I should turn off magic quotes

2007-06-05 Thread Richard Lynch
On Mon, June 4, 2007 9:25 am, Dave M G wrote: Since my database is MySQL, does that mean using addslashes() and stripslashes()? In other words manually doing what magic quotes was doing automatically? Please start reading here: http://phpsec.org And, for the record, no, addslashes is NOT the

[PHP] Double checking - I should turn off magic quotes

2007-06-04 Thread Dave M G
PHP General, I've read on the manual that it's preferred to code with magic quotes off and to instead escape the data at runtime, as needed: Recently, while configuring my PHP so as to install the GD libraries, that the default option was to have magic quotes turned on. I just want to

Re: [PHP] Double checking - I should turn off magic quotes

2007-06-04 Thread Robert Cummings
On Mon, 2007-06-04 at 23:02 +0900, Dave M G wrote: PHP General, I've read on the manual that it's preferred to code with magic quotes off and to instead escape the data at runtime, as needed: Indeed this is preferable. Recently, while configuring my PHP so as to install the GD libraries,

Re: [PHP] Double checking - I should turn off magic quotes

2007-06-04 Thread Dave M G
Robert, Thank you for your quick reply. If it's okay, I'd just like to clarify the points you raise. I just want to double check here what to do. Should I disable magic quotes on my server? Not unless you're certain you don't have any scripts that rely on magic quotes. If you do, then

Re[2]: [PHP] Double checking - I should turn off magic quotes

2007-06-04 Thread Richard Davey
Hi Dave, Monday, June 4, 2007, 3:25:25 PM, you wrote: No, you should check the ini setting in your code and react accordingly. Sorry, I don't quite follow you here. If I turn magic quotes off on both my testing environment and my server, as is preferable according to the manual, then my

Re: [PHP] Double checking - I should turn off magic quotes

2007-06-04 Thread Robert Cummings
On Mon, 2007-06-04 at 23:25 +0900, Dave M G wrote: Robert, Thank you for your quick reply. If it's okay, I'd just like to clarify the points you raise. I just want to double check here what to do. Should I disable magic quotes on my server? Not unless you're certain you

Re: [PHP] Double checking - I should turn off magic quotes

2007-06-04 Thread Dave M G
Robert, PHP General, Thank you for replying and explaining the situation clearly. Neither! It means using mysql_real_escape_string(): http://www.php.net/manual/en/function.mysql-real-escape-string.php I have now made it so each and every query to the database passes through