[thelist] magic_quotes_gpc vs. addslashes in PHP

Sarah Sweeney mr.sanders at designshift.com
Wed Jul 21 10:35:11 CDT 2004

I've been looking into setting the magic_quotes_gpc value locally (in 
.htaccess) for a site on a virtual host. In my googling, I've read 
several posts where people say they prefer to use addslashes() to 
setting magic_quotes_gpc for the whole site. It seems to me this would 
make it possible for me to forget to addslashes() to a GET or POST 
variable, leaving the site more vulnerable to SQL injection attacks. So 
what is the benefit of using addslashes() rather than magic_quotes_gpc?

Sarah Sweeney
Web Developer & Programmer
Portfolio :: http://sarah.designshift.com
Blog, etc :: http://hardedge.ca

More information about the thelist mailing list