[ciapug] On or Off ...
Chris Van Cleve
vanish at dreamscapevisionery.com
Mon Aug 8 13:51:32 CDT 2005
6 in one hand, half a dozen in the other. I always turn off magic
quotes. Always. ADODB provides an excellent means for handling this and
turning them off prevents those wonderful 'The open source script
you're using just assumed they were off and now you have two
backslashes everywhere and more quotes than you can shake a stick at.
Good luck with your new, required data cleansing project!' errors.
Escaping code yourself, whether by your own code or via a
library/layer, is just good practice and keeps you mindful of potential
pitfalls and being alert to avoid them. Complacency thru dependence on
'magic' or automation that is largely beyond your control is just as
perilous and risky as relying on a developer to do his diligence.
Chris VC
On Aug 8, 2005, at 12:22 PM, Tim Perdue wrote:
> Jerry Weida wrote:
>> I personally think that magic_quotes should be left off. I think it
>> is the responsibility of the coder to properly escape any
>> user-supplied input. I use ADoDB and it does have a function to do
>> this.
>
> If you leave it up the programmer to do it, there's always going to be
> cases where it's forgotten. I think there's no reason to mess with
> anything that can be done 'magically' at the system level.
>
> Tim
> _______________________________________________
> ciapug mailing list
> ciapug at cialug.org
> http://cialug.org/mailman/listinfo/ciapug
>
>
More information about the ciapug
mailing list