-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (12/02/14 22:07), Reindl Harald wrote: > who in the world has magic_quotes on and does rely on any > addslashes() or magic_quotes thinking this makes any query > safe against sql-injection? > > without mysql_real_escape() you are completly unprotected > in every case and magic_quotes was one of the badest > things ever implemented >
Of course I agree with you. (And, basically, we should use prepared statement but it is not main topic...) - -- Kousuke Ebihara <kous...@co3k.org> http://co3k.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPOmB/AAoJECNvap7T8JfFBNkH/0DWPJMZoCkCSZVTs8NH4cYZ PGedQlyXX8eEEdbZwgdVYcrOXEXq9Gh6S875oWwjacC2FGNtdDs+1y1tBU7wlvkF SOnecZFdzis0Fp5vauAF/9lGJ4MmFa3CmLOrI0OeSJoGLSD3pcYtAZQff1HjyEej BAYwxgMvhmsifnMMSJ6bVbQH7VLjgfm8uxXxdNJfMze5zYExnr5Otn3ku08Crv/e vAi94krJU5WgtKwdshAV+JXPvWxKoK4+/ooIDXT9Uvv4p/6q79H3++5lh7nHcGAw GijWuTIPOlSVTvAOenlcitj/CfQjcNp+9GS9a1XsDkXZL0+cyzRZYQpvwKpwF5A= =0laO -----END PGP SIGNATURE----- -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
