|
|
Posted by Jon on 12/26/78 11:46
"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:b7udnUj3nOpizMvZ4p2dnA@comcast.com...
> Jon wrote:
>> All,
>>
>> Yes, it's more of the famous 'what do I do about magic_quotes' questions.
>> Anyways, here we go:
>>
>> I've been a PHP developer for about a year now, and have grown to detest
>> magic_quotes for numerous reasons. So, in my applications now I simply
>> use .htaccess to turn magic_quotes_gpc off and I escape as needed from
>> there.
>>
>> My problem however has become what to do for FULLY portable applications.
>> I'm currently writing an XML-based PHP application that will be using a
>> MySQL backend, and going by my logic that I normally use (turning magic
>> quotes off via htaccess) I might run into some problems. Basically, this
>> application needs to be able to move to ANY hosting provider with very
>> little configuration.
>>
>> So I thought "Hmm, ok, well I'll just run a 'get_magic_quotes_gpc()'
>> check and escape where magic quotes are off. This shouldn't cause a
>> problem with my own code because I've turned magic_quotes off anyways.
>>
>> Problem is the 'get_magic_quotes_gpc()' function doesn't seem able to
>> pickup the htaccess directive that turns them off, so it is always
>> reported on. This basically traps me into not being able to check if
>> they're on or off, or simply counting on them for my own application and
>> leaving them on (I have no access to the .ini to turn them off at all).
>>
>> Worse yet, on the other side - if I go with my .htaccess and just always
>> turn them off like I have been doing, this will come back to bite me if
>> we have to put this application on an IIS server where turning them off
>> is not an option. From what I understand, there's no way to turn them off
>> at runtime.
>>
>> Any ideas on the best way to handle this?
>
> I code for having them off, and look for hosting companies who have them
> turned off. There are thousands of good ones who run that way.
>
> Just like I don't host with companies who run with register_globals turned
> on.
>
> Generally I need to ask them if it's off or on. And if they can't tell me
> something this simple, it's time to run the other way!
>
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstucklex@attglobal.net
> ==================
Yeah, but if I'm building a retail application there's really no choice on
the host.
Navigation:
[Reply to this message]
|