Brian Dunning wrote:
I have a question about this. Here is from the documentation:

The PHP directive magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data.

Why doesn't this automatically prevent injections, since it escapes out any single quotes they try to submit?

What if the SQL they inject doesn't have any quotes? Depending on how you create your SQL statement, magic_quotes_gpc may have no effect.


--
---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
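
The case described in the reply, as an added example that is not part of the original thread: a value with no quotes passes through addslashes() unchanged, so a query that concatenates it into a numeric context gets the condition `id = 1 OR 1=1`, which matches every row. Assumptions: addslashes() stands in for magic_quotes_gpc, the pdo_sqlite extension is available, and the table, function names and request value are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table, function names and the
// request value below are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed request value with no quote characters in it.
$raw = '1 OR 1=1';
// What magic_quotes_gpc would hand the script: addslashes() only touches
// single quotes, double quotes, backslashes and NUL bytes.
$escaped = addslashes($raw);

// Weak form: the value lands in a numeric context, outside any quotes,
// so the escaping never had anything to act on.
function lookup_weak(PDO $db, string $id): array
{
    $sql = "SELECT name FROM users WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: accept only a plain integer, then bind it as a parameter
// so the value is never parsed as SQL.
function lookup_safe(PDO $db, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return [];
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->bindValue(1, $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Show whether escaping changed the value, then compare the two lookups.
var_dump($escaped === $raw);
echo "weak: ", implode(', ', lookup_weak($db, $escaped)), "\n";
echo "safe: ", implode(', ', lookup_safe($db, $escaped)), "\n";
echo "safe with a valid id: ", implode(', ', lookup_safe($db, '2')), "\n";
```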


