[ciapug] On or Off ...

[Barry Von Ahsen]

I personally detest magicquotes = on for the previously mentioned reasons

the only gotcha is that then you do have to protect you sql strings, but 
php_mysql does this, and as Tony said, most abstraction layers (any good 
one, at least) should have a way to do it.  (I also work with an O'Brien 
and an O'Hara, so I may be more jaded than most :)

-barry


Tony Bibbs wrote:
> For security reasons register_globals should be turned off, though as 
> Dave mentioned, many older PHP apps require them.
> 
> I prefer magic quotes to be turned off as well but that's simply because 
> we use creole for database abstraction and it handles the quotes for us. 
>  We've seen issues where PHP code gets ugly when you have a bunch of 
> addslashes/stripslashes so it's best to leave that to something else 
> (like you abstraction layer).
> 
> Similarly PEAR::DB supports prepared statements which, if used, get you 
> out of the business of worrying about quotes.
> 
> --Tony
> 
> Dave J. Hala Jr. wrote:
> 
>> Register globals off, is prefferred, unless you have some old php apps
>> that didn't make use of $_POST  when posting variables.
>>
>> I believe globals off is now the default. You'll know right away if you
>> got apps that require globals on. :)
>>
>> If you do, you may want to consider putting them on your list of apps
>> that to be "phased out/rewrote" etc.
>>
>> :) Dave
>>
>>
>> On Mon, 2005-08-08 at 09:34, Chris Hettinger wrote:
>>
>>> magic_quotes_gpc and register_globals .... On or Off ??
>>>
>>> I believe that, and correct me if I am wrong, most will say Magic Quotes
>>> = On and Registered Globals = Off.
>>>
>>> Arguements one way or the other?
>>>
>>> -ch
>>>
>>>
>>>
>>> _______________________________________________
>>> ciapug mailing list
>>> ciapug at cialug.org
>>> http://cialug.org/mailman/listinfo/ciapug
> 
> _______________________________________________
> ciapug mailing list
> ciapug at cialug.org
> http://cialug.org/mailman/listinfo/ciapug