I am just wondering and need some reassurance that if in my php.ini files magic quotes are turned on (escaping quotes) that it eliminates ANY chance of sql injection?
If it does not does anyone have an article or some examples of further prevention that would be needed to prevent it.
