[ciapug] On or Off ...

Jerry Weida jweida at gmail.com
Mon Aug 8 12:14:29 CDT 2005


I personally think that magic_quotes should be left off. I think it is the 
responsibility of the coder to properly escape any user-supplied input. I 
use ADOdb and it does have a function to do this.

On 8/8/05, Barry Von Ahsen <barry at vonahsen.com> wrote:
> 
> I personally detest magicquotes = on for the previously mentioned reasons
> 
> the only gotcha is that then you do have to protect your sql strings, but
> php_mysql does this, and as Tony said, most abstraction layers (any good
> one, at least) should have a way to do it. (I also work with an O'Brien
> and an O'Hara, so I may be more jaded than most :)
> 
> -barry
> 
> 
> Tony Bibbs wrote:
> > For security reasons register_globals should be turned off, though as
> > Dave mentioned, many older PHP apps require them.
> >
> > I prefer magic quotes to be turned off as well but that's simply because
> > we use creole for database abstraction and it handles the quotes for us.
> > We've seen issues where PHP code gets ugly when you have a bunch of
> > addslashes/stripslashes so it's best to leave that to something else
> > (like your abstraction layer).
> >
> > Similarly PEAR::DB supports prepared statements which, if used, get you
> > out of the business of worrying about quotes.
> >
> > --Tony
> >
> > Dave J. Hala Jr. wrote:
> >
> >> Register globals off is preferred, unless you have some old php apps
> >> that didn't make use of $_POST when posting variables.
> >>
> >> I believe globals off is now the default. You'll know right away if you
> >> got apps that require globals on. :)
> >>
> >> If you do, you may want to consider putting them on your list of apps
> >> to be "phased out/rewrote" etc.
> >>
> >> :) Dave
> >>
> >>
> >> On Mon, 2005-08-08 at 09:34, Chris Hettinger wrote:
> >>
> >>> magic_quotes_gpc and register_globals .... On or Off ??
> >>>
> >>> I believe that, and correct me if I am wrong, most will say Magic Quotes
> >>> = On and Registered Globals = Off.
> >>>
> >>> Arguments one way or the other?
> >>>
> >>> -ch
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> ciapug mailing list
> >>> ciapug at cialug.org
> >>> http://cialug.org/mailman/listinfo/ciapug
>
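
The trade-off discussed in this thread (blanket addslashes() from magic_quotes_gpc versus quoting or binding at the database layer), as an added example that is not from any of the posters. It assumes PDO with an in-memory SQLite database as a stand-in for the abstraction layers named above; the table, function names and sample surname are constructed.

```php
<?php
// Added illustration; PDO + SQLite stand in for the abstraction layers named in the thread.
// Table, function names and the sample surname are constructed for this example.

// magic_quotes_gpc = On ran addslashes() over every GET/POST/cookie value.
function magic_quotes_emulate(string $value): string
{
    return addslashes($value);
}

// Insert through a bound parameter, then read the stored value back.
function store_and_fetch(PDO $pdo, string $surname): string
{
    $ins = $pdo->prepare('INSERT INTO members (surname) VALUES (:surname)');
    $ins->execute([':surname' => $surname]);
    $sel = $pdo->prepare('SELECT surname FROM members WHERE id = :id');
    $sel->execute([':id' => $pdo->lastInsertId()]);
    return (string) $sel->fetchColumn();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, surname TEXT)');

$raw    = "O'Brien";                   // what the user typed
$quoted = magic_quotes_emulate($raw);  // what the script saw with magic quotes on

// 1. Magic quotes off + bound parameter: stored exactly as typed.
var_dump(store_and_fetch($pdo, $raw) === "O'Brien");

// 2. Magic quotes on + bound parameter: the backslash is now part of the data.
var_dump(store_and_fetch($pdo, $quoted) === "O\\'Brien");

// 3. Hence the addslashes/stripslashes clutter: undo it before binding.
var_dump(store_and_fetch($pdo, stripslashes($quoted)) === "O'Brien");

// 4. Magic quotes on + string concatenation: backslash is not an escape
//    character in SQLite, so the apostrophe still terminates the literal.
try {
    $pdo->exec("INSERT INTO members (surname) VALUES ('$quoted')");
    echo "inserted\n";
} catch (PDOException $e) {
    echo "rejected: blanket addslashes() did not match this database's quoting\n";
}

// 5. Driver-aware quoting, for when binding is not available.
var_dump($pdo->quote($raw) === "'O''Brien'");
```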