So I was doing some reading on magic quotes and wrote a simple check to see if it is on or not. On our box magic quotes are disabled (which is the way I would prefer it, I would rather manually add my own slashes to sequences that need it) but my shared hosting has magic quotes enabled. Now I know the admin of the shared hosting is not going to turn off magic quotes because not everyone that uses the services are diligent programmers.
So let us say magic quotes are on and I have a string like so. $str = "You're didn't dood it."; So if that is passed to a different script in say a $_POST['str'] variable would then the string look like "You\'re didn\'t dood it."? Now even if magic quotes are enabled and I use mysql_real_escape_str($_POST['str']) would the string then look like "You\\\'re didn\\\'t dood it."? I am just trying to find a safe practice for every time I have to use a SQL query. Anthony Wlodarski Senior Technical Recruiter Shulman Fleming & Partners 646-285-0500 x230 [EMAIL PROTECTED]
_______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
