I have two modules that do not allow posting of Double or Single quotes " ' (possibly other characters as well). I fixed this on another module a loooonnnnngggg time ago, but can't remember what the code is anymore.
Can someone help?
Thanks
Evaders99 Site Admin
Joined: Aug 17, 2003
Posts: 12482
Posted:
Fri Aug 14, 2009 3:35 pm
Use addslashes or the database-specific - mysql_real_escape_string
Is keeping magic quotes on considered a security flaw? I noticed it was shut off on my server.
Evaders99 Site Admin
Joined: Aug 17, 2003
Posts: 12482
Posted:
Tue Aug 18, 2009 5:25 pm
magic_quotes was a safeguard for older scripts. It is not recommend anymore and is being deprecated. I don't know of any active exploits against patched systems. I would only recommend it on if you are running very old code.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum