From: Pablo Fernández <newsclient () teamq info>
Date: Tue, 21 Jun 2005 20:55:38 +0200
Ok, I read about that, but what I'm asking here is if there are any known
problems in using magic_quotes, I mean, besides that "portability" and
"performance" crap, which I can care less for the latter (not my server)
and anyway the whole performance thing is not that problematic,
converting a few variables is not such a big deal. On the portability
excuse... well, if I ever switch hosting (which I probably will since my
actual hosting sucks) I just will require them magic_quotes, which I
guess is enabled in most hostings...
Again, the question I asked is in the scenario where magic_quotes *IS
--- Begin Message ---
From: Christoph 'knurd' Jeschke <christoph.jeschke () gmail com>
Date: Tue, 21 Jun 2005 02:05:38 +0200
Steve Hillier wrote:
You should be using mysql_escape_string() to sanitise your input
strings if you're going to be using them as-is inside SQL statements.
Better use Stored Procedures (MySQL5) and mysql_real_escape_string
instead of mysql_escape_string.
--- End Message ---