Security Basics mailing list archives
magic_quotes
From: Pablo Fernández <newsclient () teamq info>
Date: Sat, 18 Jun 2005 01:28:42 +0200
Hi everybody
I been coding for the last couple of days with PHP+MySQL and I've been
relaying A LOT in magic_quotes. I am wondering if it's (at least for the
moment) a safe thing to do. For example, consider the following code
$GDATA = (object) $_GET;
$PDATA = (object) $_POST;
if ($GDATA) $DATA = $GDATA;
else $DATA = $PDATA;
$q = mysql_query ("SELECT * FROM whatever WHERE id = '$DATA->id'");
How safe is this?
I would appreciate hints & thoughts (TM)
Thanks,
Pablo Fernandez
Current thread:
- magic_quotes Pablo Fernández (Jun 20)
- RE: magic_quotes Steve Hillier (Jun 20)
- Re: magic_quotes Christoph 'knurd' Jeschke (Jun 21)
- RE: magic_quotes Steve Hillier (Jun 22)
- Re: magic_quotes Pablo Fernández (Jun 22)
- Re: magic_quotes Christoph 'knurd' Jeschke (Jun 22)
- Re: magic_quotes Christoph 'knurd' Jeschke (Jun 21)
- RE: magic_quotes Steve Hillier (Jun 20)
- Re: magic_quotes Ben Sytko (Jun 20)
- <Possible follow-ups>
- Re: RE: magic_quotes miguel . vieira (Jun 22)
- Re: magic_quotes maarten (Jun 24)
- Re: magic_quotes Christoph 'knurd' Jeschke (Jun 27)
- Re: magic_quotes mickael kael (Jun 27)