Magic_Quotes - what's the downside of having them on?
Posted: Fri Apr 04, 2003 11:19 am
I'm just beginning to learn PHP and MySQL web development. According to the book I'm reading, I can turn on magic_quotes_gpc and magic_quotes_runtime so that I don't have to use the addslashes() and stripslashes() functions when dealing with user-inputted data.
Now, when I look at my php.ini file, they are set to "off" by default. I assume that they're off for a reason. But, this book (PHP and MySQL Web Development by Luke Welling and Laura Thomson - very good book by the way) does not give any reasons why you shouldn't turn them on.
The only reason I can see for having them off, is so that you get used to writing code with the before-mentioned functions, just incase your script is run from a server that you can't control the settings in php.ini.
Does anybody no any reason, that I shouldn't set either magic_quotes_gpc or magic_quotes_runtime to "on"? It seems like such a nice convenience.
Thank you,
Swede
Now, when I look at my php.ini file, they are set to "off" by default. I assume that they're off for a reason. But, this book (PHP and MySQL Web Development by Luke Welling and Laura Thomson - very good book by the way) does not give any reasons why you shouldn't turn them on.
The only reason I can see for having them off, is so that you get used to writing code with the before-mentioned functions, just incase your script is run from a server that you can't control the settings in php.ini.
Does anybody no any reason, that I shouldn't set either magic_quotes_gpc or magic_quotes_runtime to "on"? It seems like such a nice convenience.
Thank you,
Swede