On Tue, Aug 21, 2007 at 04:26:21PM +0100, Stut wrote:
> As far as I was aware addslashes is inadequate for this purpose. Should
> this not point people to use database-specific escaping functions rather
> than addslashes?
Yes, even better use placeholders (if the DB API supports it).
--
Alain
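
The difference between addslashes, database-specific escaping and placeholders discussed in this exchange, as an added example that is not part of the original thread. It assumes PHP 7.1 or later with the pdo_sqlite extension; the table name, the helper roundtrip() and the sample values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes pdo_sqlite is enabled.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT)');

// Hypothetical helper: run one INSERT, read the row back, and report
// whether the value came out exactly as it went in.
function roundtrip(PDO $db, string $sql, array $params, string $original): string
{
    try {
        $db->exec('DELETE FROM users');
        $db->prepare($sql)->execute($params);
        $stored = $db->query('SELECT name FROM users')->fetchColumn();
        return $stored === $original ? 'stored intact' : "stored altered as [$stored]";
    } catch (PDOException $e) {
        return 'statement rejected: ' . $e->getMessage();
    }
}

// Constructed sample inputs: ordinary values with a quote or a backslash.
$names = ["O'Brien", 'C:\\temp'];

foreach ($names as $name) {
    $attempts = [
        // Backslash escaping is not SQLite's quoting rule: SQLite doubles the
        // quote and treats a backslash as an ordinary character.
        'addslashes()' => ["INSERT INTO users (name) VALUES ('" . addslashes($name) . "')", []],
        // Escaping done by the driver, following this database's own rules.
        'PDO::quote()' => ['INSERT INTO users (name) VALUES (' . $db->quote($name) . ')', []],
        // Placeholder: the value never becomes part of the SQL text.
        'placeholder'  => ['INSERT INTO users (name) VALUES (?)', [$name]],
    ];
    foreach ($attempts as $label => [$sql, $params]) {
        printf("%-13s %-8s => %s\n", $label, $name, roundtrip($db, $sql, $params, $name));
    }
}
```

With addslashes the quoted name is rejected as a syntax error and the backslash value is stored with a doubled backslash, while the driver-quoted and placeholder inserts store both values unchanged.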
The current php.ini-recommended in CVS for 5.2 has this at line 95...
; - magic_quotes_gpc = Off [Performance]
; Input data is no longer escaped with slashes so that it can be sent into
; SQL databases without further manipulation. Instead, you should use the
; function add