[ciapug] On or Off ...
Tony Bibbs
tony at tonybibbs.com
Mon Aug 8 10:55:10 CDT 2005
For security reasons register_globals should be turned off, though as
Dave mentioned, many older PHP apps require them.
I prefer magic quotes to be turned off as well but that's simply because
we use creole for database abstraction and it handles the quotes for us.
We've seen issues where PHP code gets ugly when you have a bunch of
addslashes/stripslashes so it's best to leave that to something else
(like you abstraction layer).
Similarly PEAR::DB supports prepared statements which, if used, get you
out of the business of worrying about quotes.
--Tony
Dave J. Hala Jr. wrote:
> Register globals off, is prefferred, unless you have some old php apps
> that didn't make use of $_POST when posting variables.
>
> I believe globals off is now the default. You'll know right away if you
> got apps that require globals on. :)
>
> If you do, you may want to consider putting them on your list of apps
> that to be "phased out/rewrote" etc.
>
> :) Dave
>
>
> On Mon, 2005-08-08 at 09:34, Chris Hettinger wrote:
>
>>magic_quotes_gpc and register_globals .... On or Off ??
>>
>>I believe that, and correct me if I am wrong, most will say Magic Quotes
>>= On and Registered Globals = Off.
>>
>>Arguements one way or the other?
>>
>>-ch
>>
>>
>>
>>_______________________________________________
>>ciapug mailing list
>>ciapug at cialug.org
>>http://cialug.org/mailman/listinfo/ciapug
More information about the ciapug
mailing list