Posted by Richard Lynch on 02/10/05 19:43

Ben Edwards (lists) wrote:
> Am I correct in thinking Magic Quotes automatically adds quotes to all
> posted variables, therefore if you are displaying post variables on a
> form you have to remove the quotes. They are only needed if you are
> actually inserting/updating into the database. Whether magic quotes
> are on or not you do not actually have to do anything to data fetched
> from the database. If magic quoted are not on you have to add slashes
> before you add to the database.

To be pedantic, I'll add to this thread and point out that Magic Quotes
also affects GET data.

Oooh, and COOKIES too, almost for sure, though I never put anything in a
Cookie that needs quotes, so I'm not 100% sure on that.

Magic Quotes was part of the original PHP, I think, or at least real early
on, back when the Internet had a lot less vandals.

I daresay validation in those days was more about being nice to the user
and having Good Data than self-defense.

[Sigh.]

When I was your age... :-)

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]