> Now I'm guessing that magic_quotes_runtime is the > one I need to have on, but is that so? I'm also > guessing that aside from using addslashes() and > stripslashes(), I could prob'ly turn on magic_quotes > in php_ini. > > But perhaps because of how I've heard turning > register_globals on via php.ini is a security > hazard, I'm leery of messing with php.ini at all.
Magic Quotes is not a security hazard (quite the opposite) so turning it on shouldn't be dangerous. I don't suppose the book tells you why you should always use magic-quotes or addslashes when dealing with databases? If you do not use form-data in a database-query you generally won't need magic-quotes or addslashes(). I guess that's the reason some of those magic_quotes_xyz are not enabled in the php.ini. It's easy enough to check whether you have the magic quotes you need. Write a simple form-page that simply displays what was posted, then post something like: "I'll be back" If the page displays: \"I\'ll be back\" then you're safe and don't need to use addslashes(). /Andreas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php