can anyone tel which one is a best practise,
set magicquotes to "off" in php.ini or manually doing it during runtime?
Code: Select all
if(!get_magic_quotes_gpc())
{
$username = stripslashes($_POST['username']);
}else{
$username = $_POST['username'];
}every variable tht has been passed should escape magic quotes?
when to use strip slashes and add slashes??
many thanks,
pavan.p