|
|
Posted by Jerry Stuckle on 01/07/55 11:46
Jon wrote:
> All,
>
> Yes, it's more of the famous 'what do I do about magic_quotes' questions.
> Anyways, here we go:
>
> I've been a PHP developer for about a year now, and have grown to detest
> magic_quotes for numerous reasons. So, in my applications now I simply use
> .htaccess to turn magic_quotes_gpc off and I escape as needed from there.
>
> My problem however has become what to do for FULLY portable applications.
> I'm currently writing an XML-based PHP application that will be using a
> MySQL backend, and going by my logic that I normally use (turning magic
> quotes off via htaccess) I might run into some problems. Basically, this
> application needs to be able to move to ANY hosting provider with very
> little configuration.
>
> So I thought "Hmm, ok, well I'll just run a 'get_magic_quotes_gpc()' check
> and escape where magic quotes are off. This shouldn't cause a problem with
> my own code because I've turned magic_quotes off anyways.
>
> Problem is the 'get_magic_quotes_gpc()' function doesn't seem able to pickup
> the htaccess directive that turns them off, so it is always reported on.
> This basically traps me into not being able to check if they're on or off,
> or simply counting on them for my own application and leaving them on (I
> have no access to the .ini to turn them off at all).
>
> Worse yet, on the other side - if I go with my .htaccess and just always
> turn them off like I have been doing, this will come back to bite me if we
> have to put this application on an IIS server where turning them off is not
> an option. From what I understand, there's no way to turn them off at
> runtime.
>
> Any ideas on the best way to handle this?
>
>
I code for having them off, and look for hosting companies who have them turned
off. There are thousands of good ones who run that way.
Just like I don't host with companies who run with register_globals turned on.
Generally I need to ask them if it's off or on. And if they can't tell me
something this simple, it's time to run the other way!
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|