Reply to Re: PHP and MySql

Posted by Andrew C on 11/20/06 07:49

"Pedro Graca" <hexkid@dodgeit.com> wrote in message
news:slrnem0u0b.38r.hexkid@ID-203069.user.individual.net...
> Jerry Stuckle wrote:
>> Andrew C wrote:
>>>
>>> In their example, wouldn't magic quotes be sufficient to thwart the
>>> attack?
>>>
>>
>> First of all, magic_quotes is bad. It changes the data without the
>> user's knowledge. Even worse, it can be turned on or off - either
>> breaking scripts or requiring extra gyrations to handle either on or off.
>>
>> Second, mysql_real_escape_string() is a mysql function sensitive to the
>> charset in use in the table. It is also designed specifically for
>> inserting into/updating a MySQL database. magic_quotes is a generic
>> function, not sensitive to character sets.
>
> Third, magic_quotes will be taken away from PHP6.
> http://www.corephp.co.uk/archives/19-Prepare-for-PHP-6.html

Thanks to you both for the points of view and the link.

A.
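
The charset point raised in the quoted replies, as an added example that is not part of the original thread: a simplified Python model of byte-wise escaping (the magic_quotes/addslashes style) next to escaping that decodes in the connection charset first. The function names, the constructed sample bytes and the choice of GBK as the multibyte charset are assumptions for illustration; this is not PHP's or MySQL's implementation.

```python
# Added illustration (not from the thread): simplified models only.
SPECIAL = "'\"\\"  # characters both escapers prefix with a backslash


def escape_bytewise(raw: bytes) -> bytes:
    """magic_quotes-style: escape quote/backslash bytes, ignoring the charset."""
    out = bytearray()
    for b in raw:
        if chr(b) in SPECIAL:
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def escape_charset_aware(raw: bytes, charset: str) -> bytes:
    """Decode in the connection charset first, then escape whole characters."""
    text = raw.decode(charset)  # raises UnicodeDecodeError on malformed input
    return "".join("\\" + c if c in SPECIAL else c for c in text).encode(charset)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes a server reading `charset` would see as unescaped."""
    text = escaped.decode(charset, errors="replace")
    count = i = 0
    while i < len(text):
        if text[i] == "\\":  # a backslash consumes the character after it
            i += 2
            continue
        count += text[i] == "'"
        i += 1
    return count


def audit(raw: bytes, charset: str):
    """Return (unescaped quotes after byte-wise escaping, after charset-aware)."""
    blind = unescaped_quotes(escape_bytewise(raw), charset)
    try:
        aware = unescaped_quotes(escape_charset_aware(raw, charset), charset)
    except UnicodeDecodeError:
        aware = None  # malformed for this charset: rejected before any query
    return blind, aware


if __name__ == "__main__":
    # Constructed sample inputs: the same bytes read under two charsets.
    for raw, cs in [(b"O'Brien", "latin-1"), (b"\xbf'", "latin-1"), (b"\xbf'", "gbk")]:
        print(raw, cs, audit(raw, cs))
```

Under latin-1 both escapers leave no unescaped quote. Under GBK the inserted backslash byte is absorbed as the trail byte of a two-byte character, so the byte-wise result still contains a live quote, while the charset-aware path refuses the malformed input.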
