> > The PHP Wikipedia page is wrong about this too, and states that
> > addslashes() can be used instead of magic quotes. addslashes()
> > should probably be deprecated too (and it isn't Unicode aware
> > either, so removing it solves two problems).
> 
> magic_quotes did the same thing as manually addslashing every
> argument AFAIK, so I can't see why you say they couldn't be used
> interchangeably.
> The problem with magic was the magic part; addslashes is a valid
> feature on its own.

It is not that magic_quotes and addslashes() can't be used interchangeably, it 
is that addslashes() shouldn't be used either.  addslashes() isn't aware of 
other character sets, so it won't add slashes to everything it should.  It 
works fine for ASCII, but will probably open up a security hole when used on 
UTF8 strings.  Even the addslashes() manual page highly recommends you don't 
use addslashes().

  Ideally, addslashes() should be added to the deprecation list too.  It will 
have to be removed (or somehow fixed) as part of "Full Unicode" support anyways.

  That is why I think the deprecation of features for PHP6 was more important 
than Unicode.  It makes PHP6 secure (well, more secure) by default.


> Tyrael


Tom

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
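
The charset point in the reply above, as an added example that is not part of the original thread: a byte-wise Python model of addslashes() and a check of how the escaped bytes read once a consumer decodes them in a given charset. The function names, the sample inputs and the choice of GBK as the multibyte charset are assumptions made for illustration.

```python
# Added illustration: a byte-wise model of PHP's addslashes() and how the
# consumer's charset changes what the escaped bytes mean.
# GBK is an assumed example charset; the thread names no specific one.

ESCAPED = {0x27: b"\\'", 0x22: b'\\"', 0x5C: b"\\\\", 0x00: b"\\0"}


def addslashes_model(data: bytes) -> bytes:
    """Escape ' " \\ and NUL one byte at a time, with no charset knowledge."""
    return b"".join(ESCAPED.get(b, bytes([b])) for b in data)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes that a reader decoding as `charset` sees as bare.

    Walks decoded characters the way a charset-aware lexer would: a
    backslash escapes the next character, anything else stands alone.
    """
    text = escaped.decode(charset, errors="replace")
    bare, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # the backslash consumes the character after it
            continue
        if text[i] == "'":
            bare += 1
        i += 1
    return bare


def report(value: bytes) -> dict:
    """Escape once, then interpret the same bytes under each charset."""
    escaped = addslashes_model(value)
    return {cs: unescaped_quotes(escaped, cs) for cs in ("latin-1", "gbk")}


# Constructed sample inputs (not taken from the thread).
ASCII_INPUT = b"O'Brien"
MULTIBYTE_INPUT = b"\xbf'"  # 0xBF is a valid GBK lead byte

if __name__ == "__main__":
    for sample in (ASCII_INPUT, MULTIBYTE_INPUT):
        print(sample, addslashes_model(sample), report(sample))
```

In the second sample the inserted backslash (0x5C) becomes the trail byte of a two-byte GBK character, so the quote that follows is no longer escaped. Bound parameters avoid the question because the value never passes through an escaping step.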
