project
project summary freshmeat entry development infos mailing list WebInstaller database tools ChangeLog
page plugins
ProtectedEmail PowerSearch README README.config README.plugins README.fragments ProtectedMode INTERNALS WordIndex AboutPlugins PhpInfo OrphanedPages ListOfPluginHooks RSS RecentChanges PageIndex NewestPages SearchPages MostVisitedPages MostOftenChangedPages UpdatedPages
usage hint
9OTUNE YOGURT SÜREER AYRAN OLANA KADAR SİKERİMxD
Differences between version 1 and 0 of »AvoidMagicQuotes«
+ [MarioSalzer "milky"]:
+ The 'magic_quotes' in my opinion is the most stupid thing the Zend people
+ added to PHP. Because it is a config setting, it is set differently on many
+ servers, thus making it hard to get a PHP script run equal on many systems.
+ The magic_quotes add backslashes to GET, POST and COOKIE variables to give
+ novices a chance to write 'safe' PHP database usage code without having to
+ learn programming...(!)
+ %%%
+ Yes, I'd really like to say the magic_quotes are for stupids.
+ Even if the magic_quotes are now off by default in recent PHP versions,
+ they still are a problem, because many providers still have poorly written
+ code (not managing to use addslashes() or similar before writing to database)
+ and thus enforce people also to live with the antiquatic_quotes (there is
+ the .htaccess workaround, ok, but it is not safe or always possible to use
+ it).
+ This problem for example lead to constructs like "eventually_add_slashes()"
+ functions in many projects (PhpNuke has such one for example). This slows
+ down everything and makes code unreadable - in ewiki such an
+ eventually_add_slashes() function had to be deployed around 100 times to
+ work around the antique_quotes 'feature'. So my approach was the
+ "fragments/strip_wonderful_slashes.php" include, which redecodes any
+ garbaged $_REQUEST variable.
+ %%%
+ This is a good thing, because ewiki's database code cares about adding
+ backslashes before sending commands to the database - and in fact PHP's
+ magic_quotes sense of adding quotes wasn't even capable of doing it
+ correctly, because different databases (ADODB) use different escape chars!
+ For an bad example of problems with magic_quotes just see the
+ sourceforge.net site - their software is also not aware enough of their own
+ PHP interpreter having the trouble_quotes enabled, so you\\\\\'ll often see
+ backslashes appear before quotes, often you\\\\\\\\\\'ll see a long line of
+ \\\\\\\\\\\\\\\\\\\\\ backslashes, where you wouldn\\\\\\\\\\\'t expect
+ (they also have problems with \newlines, but that\\\'s another story ;)
-
