On Mon, 2004-12-06 at 12:57, Jeff McKeon wrote: > Does having magic-quotes=on prevent an attacker from using a urlized sql > inject query?
Somewhat, but I think magic_quotes=off is the preferred style since magic quotes are a big headache for portability. At any rate, understanding what you are doing and acting accordingly will provide you with better security. There is no "magic pill" for security. Cheers, Rob. -- .------------------------------------------------------------. | InterJinn Application Framework - http://www.interjinn.com | :------------------------------------------------------------: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `------------------------------------------------------------' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
