[20833] in bugtraq
Re: TWIG SQL query bugs
daemon@ATHENA.MIT.EDU (kj)
Fri Jun 1 15:46:51 2001
Date: Thu, 31 May 2001 09:48:37 -0700
From: kj <kj@indifference.org>
To: bugtraq@securityfocus.com
Message-ID: <20010531094837.B45326@indifference.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <001001c0e7af$ef146c40$036e6e6e@waterhole>; from Ben@Efros.com on Mon, May 28, 2001 at 12:53:58PM -0700
> PHP used to have an option to automatically use addslashes() on any variable
> passed to it via POST or GET. Please see your PHP.INI file and set the
> appropriate setting for "magic_quotes_gpc"
Isn't the "magic_quotes_gpc" only for GET/POST/COOKIES. For SQL
statements to dbs I think you need to initialize magic_quotes_runtime
for the addslashes() default.
K.J.
