mailing list archives
From: maarten () webfauna com
Date: 23 Jun 2005 08:30:59 -0000
I agree that magic quotes is not a very nice solution. Although it makes it a little harder to manipulate queries, it
will make your code less clear. Some strings in you application are escaped (from POST data) and some are not (e.g.
from database.) Sometimes it's not completly clear what the origin of a variable (string) is.
I think it's easier and safer if you can concider all strings to be unescaped and make sure you escape them in a query.
You need clear and easy to understand code to make your application secure.
In this case, I'd also use the intval() function. If you want an integer value, this makes sure it is.