|
|
Posted by Jerry Stuckle on 12/13/58 11:46
Jon wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> news:b7udnUj3nOpizMvZ4p2dnA@comcast.com...
>
>>Jon wrote:
>>
>>>All,
>>>
>>>Yes, it's more of the famous 'what do I do about magic_quotes' questions.
>>>Anyways, here we go:
>>>
>>>I've been a PHP developer for about a year now, and have grown to detest
>>>magic_quotes for numerous reasons. So, in my applications now I simply
>>>use .htaccess to turn magic_quotes_gpc off and I escape as needed from
>>>there.
>>>
>>>My problem however has become what to do for FULLY portable applications.
>>>I'm currently writing an XML-based PHP application that will be using a
>>>MySQL backend, and going by my logic that I normally use (turning magic
>>>quotes off via htaccess) I might run into some problems. Basically, this
>>>application needs to be able to move to ANY hosting provider with very
>>>little configuration.
>>>
>>>So I thought "Hmm, ok, well I'll just run a 'get_magic_quotes_gpc()'
>>>check and escape where magic quotes are off. This shouldn't cause a
>>>problem with my own code because I've turned magic_quotes off anyways.
>>>
>>>Problem is the 'get_magic_quotes_gpc()' function doesn't seem able to
>>>pickup the htaccess directive that turns them off, so it is always
>>>reported on. This basically traps me into not being able to check if
>>>they're on or off, or simply counting on them for my own application and
>>>leaving them on (I have no access to the .ini to turn them off at all).
>>>
>>>Worse yet, on the other side - if I go with my .htaccess and just always
>>>turn them off like I have been doing, this will come back to bite me if
>>>we have to put this application on an IIS server where turning them off
>>>is not an option. From what I understand, there's no way to turn them off
>>>at runtime.
>>>
>>>Any ideas on the best way to handle this?
>>
>>I code for having them off, and look for hosting companies who have them
>>turned off. There are thousands of good ones who run that way.
>>
>>Just like I don't host with companies who run with register_globals turned
>>on.
>>
>>Generally I need to ask them if it's off or on. And if they can't tell me
>>something this simple, it's time to run the other way!
>>
>>
>>--
>>==================
>>Remove the "x" from my email address
>>Jerry Stuckle
>>JDS Computer Training Corp.
>>jstucklex@attglobal.net
>>==================
>
>
> Yeah, but if I'm building a retail application there's really no choice on
> the host.
>
>
Why not? There are always choices for hosts, unless they are planning to do it
in house. And if that's the case they can control the settings themselves.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|