By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,908 Members | 1,808 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,908 IT Pros & Developers. It's quick & easy.

magic_quotes_gpc ?

P: n/a
Hi All,

are there any ideas of how to keep the magic_quotes_gpc variable in ini
file - "On" or "Off". I just noticed the difference between local settings
and server's ones. So i cant decide what to fix.

Thanks.


--
Exact Meta Search | Major Search Engine
http://exactsearcher.com
Nov 5 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Berimor wrote:
are there any ideas of how to keep the magic_quotes_gpc variable in ini
file - "On" or "Off". I just noticed the difference between local settings
and server's ones. So i cant decide what to fix.


I say off. But whichever you decide on, check for the status in your
scripts for them to be more portable.

--
E. Dronkert
Nov 5 '05 #2

P: n/a
On Sat, 05 Nov 2005 22:21:32 +0100, Ewoud Dronkert
<fi*******@lastname.net.invalid> wrote:
Berimor wrote:
are there any ideas of how to keep the magic_quotes_gpc variable in ini
file - "On" or "Off". I just noticed the difference between local
settings
and server's ones. So i cant decide what to fix.


I say off. But whichever you decide on, check for the status in your
scripts for them to be more portable.


Thanx.

The matter is i was developing the site using my local setting - "Off" -
and it's the first hosting i met that has this setting "On":( Also i just
read this http://lists.evolt.org/archive/Week-...19/161762.html
- so think i'll try to keep it "Off" everywhere.


--
Exact Meta Search | Major Search Engine
http://exactsearcher.com
Nov 5 '05 #3

P: n/a
If you use On, PHP will automatically escape single and double quotes,
backslashes and null characters, you'll have to use stripslashes() if
you want the original string. This reduces efficiency because, you
don't always need to escape every single string, but in the other hand,
protects you a bit more from SQL injection.

http://www.php.net/manual/en/function.addslashes.php
http://www.php.net/manual/en/function.stripslashes.php
http://www.php.net/manual/en/ref.inf...gic-quotes-gpc

Nov 5 '05 #4

P: n/a
Cameri said the following on 05/11/2005 21:57:
If you use On, PHP will automatically escape single and double quotes,
backslashes and null characters, you'll have to use stripslashes() if
you want the original string. This reduces efficiency because, you
don't always need to escape every single string, but in the other hand,
protects you a bit more from SQL injection.


Except, of course, that if you want your script to be portable, then
you'll have to manually test for magic_quotes_gpc setting, and if it's
"Off", then you'll have to manually escape anyway.

And, of course, the fact that it doesn't really help that much against
SQL injection, because escape syntax varies between SQL variants. The
results of magic_quotes aren't strictly correct for MySQL, and not at
all correct for MS SQL Server nor PostgreSQL.
--
Oli
Nov 5 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.