You are here: Re: %27 and ' - urlencode « PHP Programming Language « IT news, forums, messages
Re: %27 and ' - urlencode

Posted by Oli Filth on 09/09/05 19:05

Geoff Berrow said the following on 09/09/2005 13:10:
> I noticed that Message-ID: <43216bc2$1@news1.homechoice.co.uk> from
> elyob contained the following:
>
>
>>Great stuff. Thanks for that, the default php.ini had this. It's now gone. I
>>seem to remember one of the main PHP developers writing that magic quotes is
>>stupid and should be dropped.
>
>
> You only need to url encode data that is going in a URL (duh...).
>
> And don't forget that your database security is now down to you in this
> and all future projects.

Yes, I'll echo that sentiment.

>
> (you could have just used stripslashes() )

IMO, using mysql_real_escape_string() once to put a value into a SELECT
query is far less annoying than having to use stripslashes() all over
the place...

Furthermore, magic quotes don't escape all the necessary characters to
make a string safe for SQL.


--
Oli

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация