The current php.ini-recommended in CVS for 5.2 has this at line 95...
; - magic_quotes_gpc = Off [Performance]
; Input data is no longer escaped with slashes so that it can be
sent into
; SQL databases without further manipulation. Instead, you should
use the
; function addslashes() on each input element you wish to send to a
database.
As far as I was aware addslashes is inadequate for this purpose. Should
this not point people to use database-specific escaping functions rather
than addslashes?
-Stut
--
http://stut.net/
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php