Newsgroups: php.internals
Message-ID: <46CB041D.7090604@gmail.com>
Date: Tue, 21 Aug 2007 16:26:21 +0100
To: internals@lists.php.net
Subject: Addslashes still recommended for DB input
From: stuttle@gmail.com (Stut)

The current php.ini-recommended in CVS for 5.2 has this at line 95...

; - magic_quotes_gpc = Off [Performance]
; Input data is no longer escaped with slashes so that it can be sent into
; SQL databases without further manipulation. Instead, you should use the
; function addslashes() on each input element you wish to send to a database.

As far as I was aware addslashes is inadequate for this purpose. Should this not point people to use database-specific escaping functions rather than addslashes?

-Stut

-- 
http://stut.net/
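
The difference the message asks about, shown as an added example that is not part of the original post or of the php.ini file it quotes: the same two inputs are written to an in-memory SQLite database once with addslashes() and once with the driver's own quoting. The function name compare_escaping, the table t and the sample strings are assumptions made for illustration; the pdo_sqlite extension is assumed to be loaded.

```php
<?php
// Added example. Table name and sample inputs are constructed for illustration.
// Requires the pdo_sqlite extension.

function compare_escaping(string $input): array
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE t (v TEXT)');

    // addslashes() assumes backslash is the escape character. SQLite follows
    // standard SQL: a quote is escaped by doubling it and backslash is literal.
    try {
        $db->exec("INSERT INTO t (v) VALUES ('" . addslashes($input) . "')");
        $generic = $db->query('SELECT v FROM t')->fetchColumn();
    } catch (PDOException $e) {
        // The backslash did not escape the quote, so the literal ended early.
        $generic = 'SQL error: ' . $e->getMessage();
    }

    $db->exec('DELETE FROM t');

    // PDO::quote() applies the escaping rules of the connected driver.
    $db->exec('INSERT INTO t (v) VALUES (' . $db->quote($input) . ')');
    $specific = $db->query('SELECT v FROM t')->fetchColumn();

    return ['input' => $input, 'addslashes' => $generic, 'driver quote' => $specific];
}

// Constructed samples: one containing a quote, one containing a backslash.
foreach (["O'Reilly", 'C:\temp'] as $sample) {
    print_r(compare_escaping($sample));
}
```

With the quote sample the addslashes() statement fails to parse, and with the backslash sample it stores a doubled backslash, while the driver-quoted value round-trips unchanged in both cases.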