unmagic quotes


I ran into a problem today with encoding strings for SQL. Upon looking into the problem, I realized an oddity from a past problem was very much related. It turns out that PHP, by default, escapes quotes. It was originally included with PHP to prevent SQL injection attacks. The problem however, is that like-minded developers who already take measures against this end up having data appear in the database as if someone had double- escaped the strings during an insert/update. I’m at a cross roads determining if I should detect if this is on, or to turn it off and assume that it will always be off.
posted by Dedric Mauriac on Woodbridge using a blogHUD : [blogHUD permalink]

Comments are closed.

%d bloggers like this: