On Sunday, Feb 6, 2005, at 23:07 Europe/Copenhagen, George Schlossnagle wrote:


I disagree. The fact that XSS attacks remain one of the largest issues plaguing large so-called enterprise sites points to data validation being a hard thing to remember to always do, and to do 'right'.

So how do you feel about the impact magic_quotes had on preventing SQL injection attacks? In my own personal opinion it had marginal positive impact at best and it didn't prevent people writing queries like "delete from customer where customer_id=".$_GET['id']. It did, however, have a major negative impact on the portability of the PHP code written.


Most objections here on the ini-triggered filter mechanism stem from the fear that we're heading towards the same outcome.

Edin

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
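
The numeric-context case mentioned in the message above, as an added example that is not part of the original post: magic_quotes-style escaping leaves a value with no quote characters untouched, while integer validation plus a bound parameter rejects it. The in-memory SQLite table, the sample input and the helper names `magic_quotes` and `count_rows` are constructed for illustration, and `addslashes()` stands in for what magic_quotes_gpc did to request data.

```php
<?php
// Constructed demo data: an in-memory SQLite table standing in for "customer".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer (customer_id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO customer VALUES (1, 'a'), (2, 'b'), (3, 'c')");

// Assumption: magic_quotes_gpc is emulated with addslashes(), which escapes
// ', ", \ and NUL in the value and nothing else.
function magic_quotes(string $value): string
{
    return addslashes($value);
}

function count_rows(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM customer')->fetchColumn();
}

// Constructed request value. It contains no quote characters, so the
// escaping step returns it unchanged.
$id = magic_quotes('1 OR 1=1');

// 1) The concatenated query from the message. The value lands in an unquoted
//    numeric context, so it is parsed as SQL. Run inside a transaction and
//    rolled back so the second case starts from the same three rows.
$db->beginTransaction();
$db->exec('delete from customer where customer_id=' . $id);
$left_after_concat = count_rows($db);
$db->rollBack();

// 2) Hardened form: validate the type first, then bind the value so it can
//    never be parsed as SQL, whatever it contains.
$valid = filter_var($id, FILTER_VALIDATE_INT);
if ($valid !== false) {
    $stmt = $db->prepare('DELETE FROM customer WHERE customer_id = ?');
    $stmt->bindValue(1, $valid, PDO::PARAM_INT);
    $stmt->execute();
}
$left_after_bound = count_rows($db);

echo "escaped value: {$id}\n";
echo "rows left after concatenated query: {$left_after_concat}\n";
echo "rows left after validated, bound query: {$left_after_bound}\n";
```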


