[thelist] php/mysql and form input...sorta

[Simon Willison]

At 10:40 16/08/2002 +0100, Simon Willison wrote:
>One last problem: You may think that with magic quotes being such a royal
>pain in the butt it makes sense to disable them or enable them specifically
>at the start of a script using a call to the set_ini() function. This seems
>like a great idea, until you realise that changes to PHP's ini
>configuration in this manner are global rather than local to the currently
>executing script. In other words, if you change the magic quotes ini
>section at the top of your script any other scripts on the same server that
>start executing during the execution of your script will be affected. This
>can lead to all kinds of bizzare problems with slashes cropping up in weird
>places in unrelated scripts. I'm not sure if this is confirmed as a problem
>with magic quotes and the set_ini function but I seem to remember reading
>about it somewhere and it would explain some strange bugs I have seen on
>our company's server.

I just did some checking in the PHP manual. While there was no mention of
the ini_set() function making global changes that affect other scripts
(meaning I could well be wrong on that detail) it turns out that using
ini_set() on the magic quotes function will not have any effect on the
current script any way, as by the time PHP reads that line of your script
it will already have applied the magic quotes setting to incoming data. The
same is true for register_globals as well. See www.php.net/ini_set
(comments section) for more information.

Cheers,

Simon

--
Web Developer, www.incutio.com
Weblog: http://www.bath.ac.uk/~cs1spw/blog/