ljb wrote:
[EMAIL PROTECTED] wrote:
ljb <[EMAIL PROTECTED]> writes:
| addslashes() or magic_quotes. We note that these tools have been deprecated
| by the PHP group since version 4.0.
Can anyone provide a source for the statement?
I'm not going to put words in Josh's mouth about where he got that from,
but anyone who reads all of the comments at
http://us3.php.net/manual/en/function.addslashes.php
ought to come away suitably unimpressed with the security of that
function.
Yes, sorry, I did see those comments, although I don't think they are from
the PHP group themselves. But I missed the statement on the pg_escape_string
manual page saying "use of this function is recommended instead of
addslashes()". I still think "since version 4.0" is wrong.
Better yet, use PEAR::DB or some other db abstraction package that will
handle all of this for you.
---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings
