[nycphp-talk] Is there something wrong with this SQL query in PHP?
Gary Mort
bz-gmort at beezifies.com
Wed Aug 15 09:55:55 EDT 2007
csnyder wrote:
> On 8/15/07, Anthony Wlodarski <aw at sap8.com> wrote:
>
>> So I was doing some reading on magic quotes and wrote a simple check to see
>> if it is on or not. On our box magic quotes are disabled (which is the way
>> I would prefer it, I would rather manually add my own slashes to sequences
>> that need it) but my shared hosting has magic quotes enabled. Now I know
>> the admin of the shared hosting is not going to turn off magic quotes
>> because not everyone that uses the services are diligent programmers.
>>
>
> See http://us3.php.net/manual/en/security.magicquotes.disabling.php --
> you can either disable it in an .htaccess file at the web root, or you
> can use get_magic_quotes_gpc() to check for it and, if on, apply
> stripslashes() to input values.
>
>
Oh, doh. The C in GPC stands for cookie, so yeah you can strip it off
the cookies and request variable as well.
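
The check discussed in this thread, as an added example that is not part of the original messages: it tests `get_magic_quotes_gpc()` and, if the setting is on, applies `stripslashes()` to GET, POST, cookie and request input. The helper names `undo_magic_quotes()` and `magic_quotes_active()` and the sample array are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): normalise input on hosts where
// magic_quotes_gpc cannot be switched off.

/**
 * Recursively apply stripslashes() to an input value.
 * Nested arrays (e.g. name="tags[]") are walked, and string keys are
 * unescaped too, since the setting can escape those as well.
 */
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $k => $v) {
            $key = is_string($k) ? stripslashes($k) : $k;
            $clean[$key] = undo_magic_quotes($v);
        }
        return $clean;
    }
    // Leave non-strings (null, uploaded-file metadata ints) untouched.
    return is_string($value) ? stripslashes($value) : $value;
}

/**
 * True only when the runtime still has the setting and it is on.
 * get_magic_quotes_gpc() was removed in PHP 8.0, so guard the call.
 */
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

if (magic_quotes_active()) {
    // G, P and C, plus $_REQUEST, which is built from the same sources.
    $_GET     = undo_magic_quotes($_GET);
    $_POST    = undo_magic_quotes($_POST);
    $_COOKIE  = undo_magic_quotes($_COOKIE);
    $_REQUEST = undo_magic_quotes($_REQUEST);
}

// Constructed sample shaped like input that magic quotes has escaped.
$sample = array('name' => 'O\\\'Brien', 'tags' => array('a\\"b'));
var_dump(undo_magic_quotes($sample));
```

Run this once, before any other code reads the superglobals, so the same script behaves identically on hosts with the setting on and off. With input back in raw form, do the escaping at the query itself, using bound parameters or the database driver's own escaping function.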