> -----Original Message-----
> From: Robert Cummings [mailto:[EMAIL PROTECTED] 
> Sent: Monday, December 06, 2004 1:45 PM
> To: Jeff McKeon
> Cc: PHP-General
> Subject: Re: [PHP] Magic-quotes
> 
> 
> On Mon, 2004-12-06 at 12:57, Jeff McKeon wrote:
> > Does having magic-quotes=on prevent an attacker from using a urlized
> > sql inject query?
> 
> Somewhat, but I think magic_quotes=off is the preferred style 
> since magic quotes are a big headache for portability. At any 
> rate, understanding what you are doing and acting accordingly 
> will provide you with better security. There is no "magic 
> pill" for security.
> 
> Cheers,
> Rob.
>

Portability is not an objective here per se.  I'm aware of many of the
security issues surrounding PHP, just trying to understand the specifics
of each one so that I can weigh the plus/minus of it to my needs.

Assuming I have no portability needs and have magic_quotes=on, can you
elaborate on "somewhat?"

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
