[thelist] magic_quotes_gpc vs. addslashes in PHP
Sarah Sweeney
mr.sanders at designshift.com
Wed Jul 21 10:35:11 CDT 2004
I've been looking into setting the magic_quotes_gpc value locally (in
.htaccess) for a site on a virtual host. In my googling, I've read
several posts where people say they prefer to use addslashes() to
setting magic_quotes_gpc for the whole site. It seems to me this would
make it possible for me to forget to addslashes() to a GET or POST
variable, leaving the site more vulnerable to SQL injection attacks. So
what is the benefit of using addslashes() rather than magic_quotes_gpc?
--
Sarah Sweeney
Web Developer & Programmer
Portfolio :: http://sarah.designshift.com
Blog, etc :: http://hardedge.ca
More information about the thelist
mailing list