ONJava.com -- The Independent Source for Enterprise Java
Article:
  Ten Security Checks for PHP, Part 1
Subject:   magic quotes
Date:   2003-03-24 06:13:55
From:   anonymous2
> We have had magic_quotes_gpc on for over a
> year and constantly use addslashes on user
> input before inserting it into an sql
> database.


Because the magic_quotes_gpc is going to automatically add slashes to your input and then you're manually calling addslashes(), which will prepend every slash that magic_quotes just added with another slash. You're unnecessarily doubling up every occurrence of a slash. The only safe way to use the addslashes function with magic_quotes is something like this:


// Escape manually only when magic_quotes_gpc has not already done so
if (!ini_get('magic_quotes_gpc')) {
    $entry = addslashes($entry);
}


  1. magic quotes
    2003-03-24 13:27:20  clancymalcolm
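
The doubling described in the comment above, shown on a constructed value; this is an added example, not part of the original post. It assumes a modern PHP, where magic_quotes_gpc no longer exists (it was removed in PHP 5.4.0), so the directive's effect is simulated with one addslashes() pass, and the helper names are hypothetical.

```php
<?php
// Added illustration; not code from the original comment.
// magic_quotes_gpc was removed in PHP 5.4.0, so its effect is simulated here
// by a single addslashes() pass over a constructed request value.

/** Hypothetical helper: the value a script received with magic_quotes_gpc on. */
function simulate_magic_quotes(string $raw): string
{
    return addslashes($raw);
}

/** Hypothetical helper: escape exactly once, whatever the directive's state. */
function escape_once(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? $value : addslashes($value);
}

// Constructed input containing one single quote and one backslash.
$raw = "O'Reilly \\ Co";
$fromRequest = simulate_magic_quotes($raw);

// The pattern from the quoted post: addslashes() on top of magic quotes.
$doubled = addslashes($fromRequest);

// The guarded pattern from the reply: skip addslashes() when the directive is on.
$guarded = escape_once($fromRequest, true);

// stripslashes() stands in (as an approximation) for the database removing
// one level of escaping when it parses the string literal.
printf("raw input:        %s\n", $raw);
printf("escaped twice:    %s\n", $doubled);
printf("stored (doubled): %s\n", stripslashes($doubled));
printf("stored (guarded): %s\n", stripslashes($guarded));

// The guarded value round-trips; the doubled one keeps stray backslashes.
var_dump(stripslashes($guarded) === $raw);
var_dump(stripslashes($doubled) === $raw);
```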
