
Magic Quotes versus Addslashes

Posted: Wed Jan 12, 2005 3:30 am
by onion2k
Simple question really: Do you rely on magic quotes to stop SQL injection, or do you code everything with addslashes?

Posted: Wed Jan 12, 2005 4:40 am
by AGISB
If you code for yourself, it doesn't really matter in my opinion.

However, if you code for clients where you cannot control php.ini, 'Magic Quotes' has unpredictable risks, as you never know if it is turned on or not.

Posted: Wed Jan 12, 2005 8:58 am
by feyd
I code for both events using get_magic_quotes_gpc() or the other one (it's been a while) to tell if I need to strip the incoming data and re-add anything if it's hitting the database.
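
The approach described in the post above, as an added example that is not part of the thread: undo magic quotes only when get_magic_quotes_gpc() reports them on, then handle quoting once at the database boundary. It swaps addslashes for a PDO bound parameter and assumes the pdo_sqlite extension; the function names, the users table and the sample inputs are hypothetical.

```php
<?php
// Added example, not code from the thread. All names below are hypothetical.

// get_magic_quotes_gpc() was removed in PHP 8.0, so guard the call.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Recursively remove the slashes magic_quotes_gpc added to request data.
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $k => $v) {
            $key = is_string($k) ? stripslashes($k) : $k;
            $clean[$key] = undo_magic_quotes($v);
        }
        return $clean;
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Raw input regardless of php.ini: strip only if slashes were really added.
function normalized_input(array $input)
{
    return magic_quotes_active() ? undo_magic_quotes($input) : $input;
}

// Database boundary: the value travels as a bound parameter, so no
// slash-adding is needed and none can be applied twice.
function find_user(PDO $db, $name)
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute(array($name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('O''Brien'), ('alice')");

// Constructed stand-ins for $_GET: a legitimate name and a quote-breaking one.
$legit   = normalized_input(array('name' => "O'Brien"));
$hostile = normalized_input(array('name' => "x' OR '1'='1"));

var_dump(count(find_user($db, $legit['name'])));   // rows matching the real name
var_dump(count(find_user($db, $hostile['name']))); // rows matching the literal string
```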

Posted: Tue Jan 18, 2005 4:45 am
by McGruff

Posted: Tue Jan 18, 2005 10:52 am
by malcolmboston
*nods at McGruff*

Magic quotes are not the best way to go

Posted: Wed Jan 19, 2005 11:57 pm
by kgourad
I prefer the slash method since I like to have localized control on the code.


khalid Gourad

===Code Free or Die ===========