[WEB SECURITY] magic_quotes

Pablo Fernández newsclient at teamq.info
Tue Jun 21 17:05:54 EDT 2005


Hi everybody

I been coding for the last couple of days with PHP+MySQL and I've been
relaying A LOT in magic_quotes. I am wondering if it's (at least for the
moment) a safe thing to do. For example, consider the following code

$GDATA = (object) $_GET;
$PDATA = (object) $_POST;

if ($GDATA) $DATA = $GDATA;
else        $DATA = $PDATA;

$q = mysql_query ("SELECT * FROM whatever WHERE id = '$DATA->id'");

How safe is this?

I would appreciate hints & thoughts (TM)

Thanks,
Pablo Fernandez


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list