Hello Jean-Christian, The answer is NO NO NO. At the beginning you have talked about security. You have to realize that there is no 100% protection against hackers. Using strip/addslashes will help you to filter some user input not all. :) So try to pick one way and go that way. if magic quotes are turned on you want need addslashes if they are off you will need them.
Wednesday, July 3, 2002, 6:21:37 PM, you wrote: JCI> Erik Price wrote: >> >> Turn off magic_quotes and do addslashes() explicitly every time you do a >> database insert. Then make sure you always stripslash() data returned >> from a database query. >> >> magic_quotes is convenient for newbies, but after a while you'll find it >> only trips you up, as you've discovered. JCI> I totally agree. JCI> Security question: Is turning off magic_quotes and using JCI> strip/addslashes() a 100% effective solution against malicious user input? JCI> Jc -- Best regards, Latex mailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php