Reply to Re: [PHP] MySql injections (related question) — PHP

Posted by Richard Lynch on 05/13/05 01:52

On Thu, May 12, 2005 12:39 pm, James Williams said:
> I'm pretty sure that, in order to use mysql_real_escape_string() you
> must have magic quotes off or use stripslashes first... the same as
> addslashes, so it should work if you just search and replace. Don't
> quote me on that though

Well, yes, but you see it's no longer as simple as a global search and
replace, since there is no addslashes all over the place.

I have to hand-examine every file in, what, almost a decade's worth of
code spread over several dozen websites?

What is the CURRENT security advantage, if any, to
mysql_real_escape_string versus Magic Quotes?

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация