[nycphp-talk] Is there something wrong with this SQL query in PHP?

Gary Mort bz-gmort at beezifies.com
Wed Aug 15 09:55:55 EDT 2007


csnyder wrote:
> On 8/15/07, Anthony Wlodarski <aw at sap8.com> wrote:
>   
>> So I was doing some reading on magic quotes and wrote a simple check to see
>> if it is on or not.  On our box magic quotes are disabled (which is the way
>> I would prefer it, I would rather manually add my own slashes to sequences
>> that need it) but my shared hosting has magic quotes enabled.  Now I know
>> the admin of the shared hosting is not going to turn off magic quotes
>> because not everyone that uses the services are diligent programmers.
>>     
>
> See http://us3.php.net/manual/en/security.magicquotes.disabling.php --
> you can either disable it in an .htaccess file at the web root, or you
> can use get_magic_quotes_gpc() to check for it and, if on, apply
> stripslashes() to input values.
>
>   

Oh, doh.  The C in GPC stands for cookie, so yeah you can strip it off 
the cookies and request variable as well.
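
The check discussed in this thread, as an added example that is not part of the original messages: it tests `get_magic_quotes_gpc()` and, if magic quotes are on, applies `stripslashes()` to the GET, POST, cookie and request values, recursing into array inputs. The helper name `undo_magic_quotes` and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.
// undo_magic_quotes() is a hypothetical helper name.

function undo_magic_quotes($value)
{
    // Form fields such as name="item[]" arrive as nested arrays, so recurse.
    // array_map() with a single array preserves the original keys.
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    // Only strings carry the added backslashes.
    return is_string($value) ? stripslashes($value) : $value;
}

// get_magic_quotes_gpc() no longer exists in PHP 8, so guard the call.
// Run this once, before any other code reads the superglobals; running it
// twice would strip backslashes the user actually typed.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET     = undo_magic_quotes($_GET);
    $_POST    = undo_magic_quotes($_POST);
    $_COOKIE  = undo_magic_quotes($_COOKIE);
    $_REQUEST = undo_magic_quotes($_REQUEST);
}

// Constructed sample: what magic quotes would hand the script for the
// inputs O'Reilly and it's (each quote prefixed with a backslash).
$sample = array(
    'name' => "O\\'Reilly",
    'tags' => array("it\\'s"),
);
$clean = undo_magic_quotes($sample);

echo $clean['name'], "\n";      // O'Reilly
echo $clean['tags'][0], "\n";   // it's
```

After this runs the values are raw user input again, so they still need the database driver's own escaping or bound parameters before they go into a query.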


