Brad Bonkoski wrote:
Jochem Maas wrote:
...
Understood what the esacpe character needs to be...the question is the
best way to get it there?
Currently I have:
magic_quotes_sybase = On
this adds single quotes automatically - addslashes (unless Im mistaken -
wouldnt be the first time) would add slashes (and not single quotes)
which is not what you want.
so a function call like addslashes() would actually escape single quotes
with another single quote...
Is there a better/more secure wahy?
my preference is to have all magic_quote_<BLA> ini settings set to
off and explicitly escape my data (after validation/cleaning) according to
the context the data is being use in (e.g. DB insertion as per this discussion)
if/when trying to write truly portable code you will have to have routines
that check the actual magic quotes settings and depending on the actual
values/settings
normalize your data accordingly... which can be a right PITA to do properly :-)
-Brad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
