Security Basics mailing list archives
Re: magic_quotes
From: Pablo Fernández <newsclient () teamq info>
Date: Tue, 21 Jun 2005 20:55:38 +0200
Ok, I read about that, but what I'm asking here is if there's any known problems in using magic_quotes, I mean, besides that "portability" and "performance" crap, which I can care less for the latter (not my server) and anyway the whole performance thing is not that problematic, converting a few variables is not such a big deal. On the portability excuse... well, if I ever switch hosting (which I probably will since my actual hosting sucks) I just will require them magic_quotes, which I guess is enabled in most hostings... Again, the question I asked is in the scenario where magic_quotes *IS ENABLED* Thanks
--- Begin Message --- From: Christoph 'knurd' Jeschke <christoph.jeschke () gmail com>
Date: Tue, 21 Jun 2005 02:05:38 +0200
Steve Hillier schrieb:You should be using mysql_escape_string() to sanitise your input strings if you're going to be using them as-is inside SQL statements.Better use Stored Procedures (MySQL5) and mysql_real_escape_string instead of mysql_escape_string.
--- End Message ---
Current thread:
- magic_quotes Pablo Fernández (Jun 20)
- RE: magic_quotes Steve Hillier (Jun 20)
- Re: magic_quotes Christoph 'knurd' Jeschke (Jun 21)
- RE: magic_quotes Steve Hillier (Jun 22)
- Re: magic_quotes Pablo Fernández (Jun 22)
- Re: magic_quotes Christoph 'knurd' Jeschke (Jun 22)
- Re: magic_quotes Christoph 'knurd' Jeschke (Jun 21)
- RE: magic_quotes Steve Hillier (Jun 20)
- Re: magic_quotes Ben Sytko (Jun 20)
- <Possible follow-ups>
- Re: RE: magic_quotes miguel . vieira (Jun 22)
- Re: magic_quotes maarten (Jun 24)
- Re: magic_quotes Christoph 'knurd' Jeschke (Jun 27)
- Re: magic_quotes mickael kael (Jun 27)
- Re: magic_quotes Christoph 'knurd' Jeschke (Jun 28)
- Re: magic_quotes Tony Stahler (Jun 28)