Hi.
I'm wondering whether with mysqli_real_escape_string I have to
check the get_magic_quotes_gpc() value.
I mean a thing like this:

function quote_smart($value)
{
    // Undo the escaping magic_quotes_gpc already applied to GET/POST/COOKIE data,
    // otherwise the value is escaped a second time below.
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Quote if not a number or a numeric string.
    // Caveat: is_numeric() also accepts forms such as "1e3", leading whitespace
    // and (before PHP 7) "0x1A", and those are then inlined unquoted.
    if (!is_numeric($value)) {
        // Posted as the manual's mysql_* version; the mysqli equivalent is
        // mysqli_real_escape_string($link, $value) with $link an open connection.
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}

Bye.

    Magic quotes are a bug, therefore I recommend

    if (ini_get('magic_quotes_gpc')) {
        throw new Exception("Magic quotes are a bug and should never be enabled");
    }
    

    At the top of every page (or rather, in a common include file, say where you connect to the db)

    Mark

      Could you explain why you think it's a bug? I would like to know.

        markg85 wrote:

        Could you explain why you think it's a bug? I would like to know.

        This explains the pitfalls of magic quotes:
        http://www.webmasterstop.com/63.html

        However, contrary to what the site suggests, one should use mysqli_real_escape_string instead of addslashes. Better yet, use prepared statements and the problem goes away completely.

          The page ahundiak refers to explains it quite nicely.

          Quite simply:
          - magic_quotes escapes data incorrectly in most cases (it ONLY handles a poor subset of the cases where you need to escape it for a database, not ANY other escaping scenario)
          - magic_quotes escapes data even if it didn't need escaping
          - magic_quotes escapes data at the wrong time

          Mark
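The three pitfalls listed above can be seen in a few lines of code. The following is an added illustration, not code from this thread: it simulates magic_quotes_gpc with addslashes() (which is exactly what the setting applied to every GET/POST/COOKIE value, and which cannot be switched on in PHP 5.4 and later) and uses a small stand-in for mysqli_real_escape_string so that it runs without a database server. That stand-in, the model of MySQL's own unescaping with stripslashes(), and all function names are assumptions made for the example.

```php
<?php
// Added illustration of the magic_quotes pitfalls; not from the original thread.
declare(strict_types=1);

// What magic_quotes_gpc did to every incoming request value.
function simulate_magic_quotes_gpc(string $raw): string
{
    return addslashes($raw);
}

// Stand-in for mysqli_real_escape_string() so this runs with no server:
// the characters the MySQL escaper handles for a single-byte charset.
// (Assumption for the example; real code must use the connection-aware function.)
function escape_like_mysql(string $s): string
{
    return strtr($s, [
        "\\"   => "\\\\",
        "'"    => "\\'",
        "\""   => "\\\"",
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "\x1a" => "\\Z",
    ]);
}

// Pitfall "wrong time": the value is escaped before anyone knows where it is
// going, so a correctly written query escapes it a second time and the database
// ends up storing a literal backslash in front of every quote.
function stored_value_with_magic_quotes(string $raw): string
{
    $gpc     = simulate_magic_quotes_gpc($raw);         // what $_POST['name'] held
    $literal = "'" . escape_like_mysql($gpc) . "'";      // what a careful script builds
    // MySQL removes one level of escaping when it parses the literal;
    // stripslashes() models that step for the characters used here.
    return stripslashes(substr($literal, 1, -1));
}

// Pitfall "escaped even if not needed": the same value echoed into HTML
// carries the backslash into the page, because HTML needed no SQL escaping.
function html_output_with_magic_quotes(string $raw): string
{
    return htmlspecialchars(simulate_magic_quotes_gpc($raw), ENT_QUOTES, 'UTF-8');
}

// Pitfall "escapes incorrectly": addslashes() knows nothing about the
// connection charset. In GBK the byte pair 0xBF 0x5C is one valid character,
// so the backslash inserted before the quote is absorbed into it and the
// quote itself (0x27) survives into the SQL string unescaped.
function gbk_quote_survives(): bool
{
    $raw     = "\xbf'";                           // attacker-controlled bytes
    $escaped = simulate_magic_quotes_gpc($raw);   // bytes: BF 5C 27
    return bin2hex($escaped) === 'bf5c27';
}

// Usage: run from the command line and compare each result with the raw input.
$name = "O'Reilly";
echo "stored in database: ", stored_value_with_magic_quotes($name), "\n";
echo "shown in HTML:      ", html_output_with_magic_quotes($name), "\n";
echo "GBK quote survives: ", gbk_quote_survives() ? "yes" : "no", "\n";
```

The first two functions are why code of the quote_smart() kind has to call stripslashes() first and why form values "grow" backslashes on every round trip; the third is the reason escaping has to be done by the database client library, with the charset set on the connection, rather than by a generic addslashes() applied at request time.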

            It's going away in PHP 6 as well, so if you put it in you'll have to take it out again fairly soon, anyway.

              Thanks so much buddies.
              To sum it up:
              I have to use a .htaccess file
              in my web root.

              <IfModule mod_php4.c>
              php_flag magic_quotes_gpc off
              </IfModule>

              or

              php_flag magic_quotes_gpc off

              By the way, is the syntax right?
              And for PHP5?

              In my script I can simply use
              $mysqli->real_escape_string.

              Have I got it right ?

              Bye.

                You don't really need the IfModule as long as you know php is loaded.
                And turn register_globals off as well while you are at it.

                  @

                  Better yet, use prepared statements and the problem goes away completely.

                  Could you give me an example?
                  Thanks in advance 😉
                  Bye.

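The prepared-statement example asked for above, added here and not taken from the thread. It assumes a MySQL server on localhost with a database "app", a user "app_user" with password "secret", and a table users(id INT PRIMARY KEY AUTO_INCREMENT, name VARCHAR(64), age INT); all of those names are placeholders, and mysqli_stmt::get_result() assumes PHP is built with mysqlnd, which is the default.

```php
<?php
// Added example: mysqli prepared statements in place of quote_smart().
// Assumed environment: MySQL on localhost, db "app", user "app_user"/"secret",
// table users(id INT PRIMARY KEY AUTO_INCREMENT, name VARCHAR(64), age INT).
declare(strict_types=1);

// Throw on every mysqli error instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function db_connect(): mysqli
{
    $db = new mysqli('localhost', 'app_user', 'secret', 'app');
    // Set the charset through the driver (not with a "SET NAMES" query) so the
    // client library knows which bytes are quote characters on this connection.
    $db->set_charset('utf8mb4');
    return $db;
}

// The SQL text, containing only placeholders, is sent to the server first;
// the value travels separately and is never parsed as SQL. No quoting,
// no stripslashes(), no is_numeric() guessing, no magic_quotes dependency.
function find_user_by_name(mysqli $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name, age FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);                 // 's' = bind as string
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();     // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Numeric parameters are bound with 'i'; the driver carries the type, which is
// what quote_smart()'s is_numeric() branch was trying to emulate by hand.
function find_user_by_id(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name, age FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// One statement, two parameters of different types; returns the new row id.
function create_user(mysqli $db, string $name, int $age): int
{
    $stmt = $db->prepare('INSERT INTO users (name, age) VALUES (?, ?)');
    $stmt->bind_param('si', $name, $age);
    $stmt->execute();
    $id = (int) $stmt->insert_id;
    $stmt->close();
    return $id;
}

// Usage: the classic injection payload is stored and looked up as plain data.
// If this were spliced into the SQL text unescaped it would match every row;
// bound as a parameter it only matches the row that literally contains it.
$db      = db_connect();
$payload = "' OR '1'='1";
$newId   = create_user($db, $payload, 30);
$row     = find_user_by_name($db, $payload);
echo $row === null ? "no match\n" : "matched user id {$row['id']}\n";
$byId = find_user_by_id($db, $newId);
echo $byId === null ? "not found\n" : "found {$byId['name']} by id\n";
```

Placeholders stand for values only: a table or column name, or an ORDER BY direction, cannot be bound with bind_param and still has to be checked against a fixed allow-list in PHP before it is put into the SQL text. With that one caveat, the whole quote_smart() function, and the question of whether magic_quotes_gpc is on, simply disappear from the code.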