Gabor Hojtsy wrote:
> Then still I am concerned about the vulnerability of this code against
> SQL injection in case magic_quotes is turned off, but AFAIK some other
> code in the master module also relies on that setting. I would like to
> ask the system guys first if we still should rely on it?

Relying on magic_quotes is not the biggest problem. E.g. this line makes me scared:

> DELETE FROM note WHERE id=$id

Jakub Vrana
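
The quoted query interpolates `$id` outside any quotes, so quote escaping has nothing to act on. The following is an added example, not part of the original message or the project's code: it runs that query pattern against an in-memory SQLite table and then the same delete with integer validation and a bound parameter. The schema, rows, request values and the helper names `resetNotes`, `countNotes` and `deleteNote` are constructed for illustration, and `addslashes()` stands in for the escaping magic_quotes applied to request data.

```php
<?php
// Constructed schema and rows; only the table and column names come from the quoted query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

function resetNotes(PDO $db): void {
    $db->exec('DROP TABLE IF EXISTS note');
    $db->exec('CREATE TABLE note (id INTEGER PRIMARY KEY, body TEXT)');
    $db->exec("INSERT INTO note (id, body) VALUES (1, 'a'), (2, 'b'), (3, 'c')");
}

function countNotes(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM note')->fetchColumn();
}

// Hardened form (hypothetical helper): accept only an integer, then bind it.
function deleteNote(PDO $db, string $rawId): bool {
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false; // reject anything that is not a plain integer
    }
    $stmt = $db->prepare('DELETE FROM note WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return true;
}

// Constructed request value. It contains no quote, backslash or NUL byte,
// so the escaping step returns it unchanged.
$raw = '1 OR 1=1';
$escaped = addslashes($raw);
echo 'escaping changed the value: ', var_export($escaped !== $raw, true), "\n";

// Pattern from the thread: the escaped value is still parsed as SQL.
resetNotes($db);
$db->exec("DELETE FROM note WHERE id=$escaped");
echo 'interpolated query, rows left: ', countNotes($db), "\n";

// Same input through the hardened helper, then a well-formed id.
resetNotes($db);
echo 'malformed id accepted: ', var_export(deleteNote($db, $escaped), true), "\n";
echo 'rows left after rejected id: ', countNotes($db), "\n";
echo 'valid id accepted: ', var_export(deleteNote($db, '2'), true), "\n";
echo 'rows left after valid id: ', countNotes($db), "\n";
```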