On 2003-06-13 14:42-0400, Pushpinder Singh Garcha wrote: > How is variable poisoning possible when using $_POST ?? I always felt > that the php compiler should check to see if the variable was part of > the POST Global array. At least this is is what I thought about the > $_POST global array.
It will do so only if magic_quotes_gpc is on. I tend not to rely on that, especially when we have mysql_escape_string() easily available. -Zak -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php