Hi guys.
I've just read an article that gives a good explanation of escaping single quote characters with slashes. The author then says that magic_quotes_gpc can do this for you if enabled on your server. He then also mentions that if your magic_quotes_gpc are not turned on/enabled you could use addslashes() with the same result, and that when retrieving info from the database we need to use stripslashes().
All seems hunky dory, but then he concludes that magic_quotes_gpc are evil, as we have less control over the information we receive, which does make sense. So should I avoid magic_quotes_gpc altogether? My local development server has them enabled, and when testing the input of a text field that does a select query I input 'hello' (including single quotes) and it works really well with the single quotes escaped. But my live server has them disabled and therefore the single quotes break the SQL statement. So on my live server should I enable magic_quotes_gpc or should I use addslashes() and stripslashes()?
Thanks in advance.
--
Angelo
--
PHP General Mailing List (http://www.php.net/)
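
The dev/live mismatch described in the message above, as an added example that is not part of the original post: the same typed value produces a different string-built query depending on the server setting, while a bound parameter behaves the same on both. The setting is simulated with a flag (magic_quotes_gpc was removed in PHP 5.4), and the function names, the `notes` table and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Constructed demo: simulates how one form value reaches a script on the two
// servers described above. Function and table names are hypothetical.

// What magic_quotes_gpc did to request data when enabled: it applied addslashes().
function simulate_request_value(string $typed, bool $magicQuotesOn): string {
    return $magicQuotesOn ? addslashes($typed) : $typed;
}

// Undo the automatic escaping so the script always works with the raw value.
function normalize(string $received, bool $magicQuotesOn): string {
    return $magicQuotesOn ? stripslashes($received) : $received;
}

$db = new PDO('sqlite::memory:');   // assumption: the pdo_sqlite extension is loaded
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (body TEXT)');
$db->exec("INSERT INTO notes (body) VALUES ('''hello''')");  // stored text: 'hello'

$typed = "'hello'";  // what the user typed, single quotes included

foreach ([true, false] as $magicQuotesOn) {
    $received = simulate_request_value($typed, $magicQuotesOn);
    $label = $magicQuotesOn ? 'magic_quotes_gpc on ' : 'magic_quotes_gpc off';

    // String-built query: its text changes with the server setting, and with
    // the setting off the typed quotes end the string literal early.
    echo "$label  concatenated: SELECT body FROM notes WHERE body = '$received'\n";

    // Bound parameter: the value never becomes part of the SQL text, so no
    // addslashes() on the way in and no stripslashes() on the way out.
    $stmt = $db->prepare('SELECT body FROM notes WHERE body = ?');
    $stmt->execute([normalize($received, $magicQuotesOn)]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    echo "$label  bound:        " . count($rows) . " row(s) matched\n";
}
```

Both iterations report one matched row for the bound query, while the two concatenated statements differ.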