I personally think that magic_quotes should be left off. I think
it is the responsibility of the coder to properly escape any
user-supplied input. I use ADOdb and it does have a function to
do this.<br><br><div><span class="gmail_quote">On 8/8/05, <b class="gmail_sendername">Barry Von Ahsen</b> <<a href="mailto:barry@vonahsen.com">barry@vonahsen.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I personally detest magicquotes = on for the previously mentioned reasons<br><br>the only gotcha is that then you do have to protect your SQL strings, but<br>php_mysql does this, and as Tony said, most abstraction layers (any good
<br>one, at least) should have a way to do it. (I also work with an O'Brien<br>and an O'Hara, so I may be more jaded than most :)<br><br>-barry<br><br><br>Tony Bibbs wrote:<br>> For security reasons register_globals should be turned off, though as
<br>> Dave mentioned, many older PHP apps require them.<br>><br>> I prefer magic quotes to be turned off as well but that's simply because<br>> we use creole for database abstraction and it handles the quotes for us.
<br>> We've seen issues where PHP code gets ugly when you have a bunch of<br>> addslashes/stripslashes so it's best to leave that to something else<br>> (like your abstraction layer).<br>><br>> Similarly PEAR::DB supports prepared statements which, if used, get you
<br>> out of the business of worrying about quotes.<br>><br>> --Tony<br>><br>> Dave J. Hala Jr. wrote:<br>><br>>> Register globals off is preferred, unless you have some old php apps<br>>> that didn't make use of $_POST when posting variables.
<br>>><br>>> I believe globals off is now the default. You'll know right away if you<br>>> got apps that require globals on. :)<br>>><br>>> If you do, you may want to consider putting them on your list of apps
<br>>> to be "phased out/rewritten" etc.<br>>><br>>> :) Dave<br>>><br>>><br>>> On Mon, 2005-08-08 at 09:34, Chris Hettinger wrote:<br>>><br>>>> magic_quotes_gpc and register_globals .... On or Off ??
<br>>>><br>>>> I believe that, and correct me if I am wrong, most will say Magic Quotes<br>>>> = On and Registered Globals = Off.<br>>>><br>>>> Arguments one way or the other?
<br>>>><br>>>> -ch<br>>>><br>>>><br>>>><br>>>> _______________________________________________<br>>>> ciapug mailing list<br>>>> <a href="mailto:ciapug@cialug.org">
ciapug@cialug.org</a><br>>>> <a href="http://cialug.org/mailman/listinfo/ciapug">http://cialug.org/mailman/listinfo/ciapug</a><br></blockquote></div><br>
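An added example, not part of the thread or any poster's code: it shows why the posters who rely on an abstraction layer or prepared statements want magic_quotes_gpc off. Assumptions: PDO with an in-memory SQLite database stands in for the layers named in the thread, `addslashes()` simulates what magic_quotes_gpc = On applied to request data (the setting was removed in PHP 5.4), and `store_surname()`/`load_surname()` are hypothetical helpers.

```php
<?php
// Constructed example: in-memory SQLite via PDO (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, surname TEXT NOT NULL)');

// Hypothetical helper: store a surname through a bound parameter.
// The driver handles quoting, so the caller passes the value untouched.
function store_surname(PDO $db, string $surname): int
{
    $stmt = $db->prepare('INSERT INTO people (surname) VALUES (:surname)');
    $stmt->execute([':surname' => $surname]);
    return (int) $db->lastInsertId();
}

// Hypothetical helper: read the stored value back by primary key.
function load_surname(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT surname FROM people WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$raw   = "O'Brien";          // constructed sample input
$magic = addslashes($raw);   // what magic_quotes_gpc = On would hand the script

$idRaw   = store_surname($db, $raw);
$idMagic = store_surname($db, $magic);

// The bound parameter stores the raw value intact. The pre-escaped value is
// stored with its backslash, which is the corruption that forces
// stripslashes() calls throughout code running with magic quotes on.
printf("raw input stored as:   %s\n", load_surname($db, $idRaw));
printf("pre-escaped stored as: %s\n", load_surname($db, $idMagic));
```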