Stefan Esser wrote:
> magic_quotes_by_default is a nice way to make scripts (written by novices)
> safer. Unfortunately mqbd forces you to write unsecure scripts. If you put
> such scripts onto a server that doesn't have mqbd they are insecure.

This is true. I bet many novices write insecure scripts.
It may not be a good idea for PHP 4.2 :(

I'll add more description to
http://www.php.net/manual/en/security.variables.php
and try again for PHP5.

> Hmmm btw... This idea just came to my mind and I don't know if it would be
> too much overhead, but what about keeping track of what variables got
> already magically quoted and do not quote them again if the script wants it.

This idea sounds nice to me :)

-- 
Yasuo Ohgaki


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
