Re: [PHP] Re: PHP "preg_replace"
Apologies if you already received this message; I tried to send it
earlier from my webmail but it doesn't seem to have worked.
Al wrote:
> Just use stripslashes() on your submitted data and forget about
> testing for magic_quotes. It's good practice anyhow. \" is not legit
> text regardless.
>
Using stripslashes() on all submitted data is most certainly *not* good
practice. If magic_quotes_gpc is later turned off or you're using one of
the versions of PHP with buggy magic_quotes_gpc support then you can
easily lose data. Reversing the effects of magic_quotes_gpc is far from
trivial; there's lots of potential for subtle bugs, let alone completely
forgetting about $_.
See my earlier reply for a real solution.
Arpad
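
The data loss described in the reply above, shown as an added example (not code from this thread, and not the solution from the earlier reply it mentions). It assumes magic_quotes_gpc can be modelled as addslashes() applied to each incoming value, since the setting was removed in PHP 5.4; the sample input and the helper names are constructed for illustration, and the version-specific bugs are not modelled.

```php
<?php
// Added illustration. magic_quotes_gpc is simulated with addslashes(),
// which is the escaping that setting applied to request values.

// Constructed sample input, exactly as a user would have typed it.
$typed = [
    'path'  => 'C:\\temp\\notes.txt',   // C:\temp\notes.txt
    'regex' => '\\d+\\.\\d+',           // \d+\.\d+
    'name'  => "O'Reilly",
    'tags'  => ['a\\b', 'say "hi"'],    // nested array, as from tags[]=...
];

// Apply $fn to every string in a possibly nested array, keeping keys.
function map_deep(callable $fn, $value)
{
    return is_array($value)
        ? array_map(function ($v) use ($fn) { return map_deep($fn, $v); }, $value)
        : $fn($value);
}

// What the script receives under each server setting (hypothetical helper).
function received(array $typed, bool $magicQuotesOn): array
{
    return $magicQuotesOn ? map_deep('addslashes', $typed) : $typed;
}

// The quoted advice: strip slashes without testing the setting.
function strip_always(array $input): array
{
    return map_deep('stripslashes', $input);
}

// Strip only when the escaping is known to have been applied.
function strip_if_quoted(array $input, bool $magicQuotesOn): array
{
    return $magicQuotesOn ? map_deep('stripslashes', $input) : $input;
}

foreach ([true, false] as $on) {
    $in = received($typed, $on);
    printf("magic_quotes_gpc %s\n", $on ? 'on' : 'off');
    printf("  strip_always    intact: %s\n", var_export(strip_always($in) === $typed, true));
    printf("  strip_if_quoted intact: %s\n", var_export(strip_if_quoted($in, $on) === $typed, true));
}

// With the setting off, every legitimate backslash is silently removed.
print_r(strip_always(received($typed, false)));
```

With the setting off, `strip_always` turns the path into `C:tempnotes.txt` and the regex into `d+.d+`, while the conditional version returns the input unchanged in both cases.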