[How-To] PHP Security

Inquisitor · 9 Apr 2005 at 22:23

So is it even worth having magic quotes on? Or can I just leave it off and use mysql_real_escape_string() with queries?

robmiller · 9 Apr 2005 at 22:26

Turn it off if you possibly can, it makes life much easier.

lookitsjonno · 9 Apr 2005 at 23:59

robmiller said:
Turn it off if you possibly can, it makes life much easier.

agreed, its a right pain in the rear

magic quotes was designed to add a bit of security to scripts written by noobs who wern't capable of taking an additional 2 tics to escape input data properly :rolleyes:

robmiller · 13 May 2005 at 23:39

Can this get archived since it's not a sticky anymore please?

Cheers