> -----Original Message----- > From: Robert Cummings [mailto:[EMAIL PROTECTED] > Sent: Monday, December 06, 2004 1:45 PM > To: Jeff McKeon > Cc: PHP-General > Subject: Re: [PHP] Magic-quotes > > > On Mon, 2004-12-06 at 12:57, Jeff McKeon wrote: > > Does having magic-quotes=on prevent an attacker from using > a urlized > > sql inject query? > > Somewhat, but I think magic_quotes=off is the preferred style > since magic quotes are a big headache for portability. At any > rate, understanding what you are doing and acting accordingly > will provide you with better security. There is no "magic > pill" for security. > > Cheers, > Rob. >
Portability is not an objective here per say. I'm aware of many of the security issues surrounding PHP, just trying to understand the specifics of each one so that I can weigh the plus/minus of it to my needs. Assuming I have no portability needs and have magic_quotes=on, can you elaborate on "somewhat?" -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
