always enable addslashes

**Curtis** · Dec 12 '06, 09:45 AM

Re: always enable addslashes

If you have access to php.ini, you can set the magic_quotes_gp c
variable to "On". Alternatively, you can set it using the ini_set
function in your scripts (See: http://php.net/ini_set).

However, it would be better if you just escaped input on your own, and
having PHP automatically add slashes is a nuisance if you already do.

Curtis

On Dec 12, 1:48 am, "Tarscher" <tarsc...@gmail .comwrote:

Hi all,
>
Is there a way I can always enable addslashes by including a line of
code to the top of my pages?
>
Thanks in advance
Stijn

**Michael Fesser** · Dec 12 '06, 11:55 AM

Re: always enable addslashes

..oO(Curtis)

>If you have access to php.ini, you can set the magic_quotes_gp c
>variable to "On".

Magic quotes are dead. They will be removed in PHP 6.

>However, it would be better if you just escaped input on your own

That's the only reliable and secure way. For example addslashes() can't
know what other escaping might be necessary when inserting data into a
database. That's why functions like mysql_real_esca pe_string() exist.

Micha

**Toby Inkster** · Dec 12 '06, 04:35 PM

Re: always enable addslashes

Curtis wrote:

However, it would be better if you just escaped input on your own, and
having PHP automatically add slashes is a nuisance if you already do

And PHP *not* adding slashes is a nuisance if you already use stripslashes().

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

**Curtis** · Dec 13 '06, 06:15 AM

Re: always enable addslashes

Very good points, Michael and Toby, thanks for making those
additions.It's good to hear that it's going in PHP 6, I haven't been
keeping up too well on what's going on with PHP 6, so I'll have to
check out what's going on in more detail.

**Michael Fesser** · Dec 13 '06, 02:25 PM

Re: always enable addslashes

..oO(Curtis)

>Very good points, Michael and Toby, thanks for making those
>additions.It 's good to hear that it's going in PHP 6, I haven't been
>keeping up too well on what's going on with PHP 6, so I'll have to
>check out what's going on in more detail.

Old, but still interesting:

Minutes PHP Developers Meeting

PHP: Manual Quick Reference

http://www.php.net/~derick/meeting-notes.html

PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world.

Micha

always enable addslashes

always enable addslashes

Comment

Comment

Comment

Comment

Comment