Hi Jigal, others,
> > Can someone shed some light on how a "SQL injection" attack occurs when
> > magic_quotes_gpc is "ON" and how it prevents when it's "OFF". To my
> > understanding apostrophes are escaped automatically in POST/GET/COOKIE
> > when it's ON, so how it tends towards SQL Injection.
> magic_quotes_gpc ON is supposed to do an addslashes automatically for all
> get, post and cookie data.
> > What are the best practices for handling 'quotation marks' in an input string
> > and how to prevent SQL injection.
> The best way to prevent SQL injection is to check user input yourself.
> Never, ever trust any data from an external source.
What about using parameters? How are they handled in MySQL?
Database Workbench - developer tool for InterBase, Firebird, MySQL & MS SQL
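
An added example, not part of the original thread: it contrasts addslashes-style escaping (what magic_quotes_gpc applied) with checking the input and passing it as a parameter. It assumes PHP with PDO and uses an in-memory SQLite database as a stand-in for MySQL; the table, rows, function names and request values are constructed for illustration.

```php
<?php
// Added example. SQLite in memory (via PDO) stands in for MySQL so the
// script runs offline; table, rows and request values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Escaping only: addslashes() is what magic_quotes_gpc applied to request
// data. The value is then concatenated into an unquoted numeric context.
function lookupEscaped(PDO $db, string $raw): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . addslashes($raw);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Check the input yourself, then pass it as a parameter: the statement text
// is fixed and the value travels separately as data.
function lookupBound(PDO $db, string $raw): array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values. The second contains no quote, backslash or
// NUL byte, so addslashes() returns it unchanged.
foreach (['2', '2 OR 1=1'] as $raw) {
    echo "input: {$raw}\n";
    echo '  escaped + concatenated: ' . implode(', ', lookupEscaped($db, $raw)) . "\n";
    try {
        echo '  validated + bound:      ' . implode(', ', lookupBound($db, $raw)) . "\n";
    } catch (InvalidArgumentException $e) {
        echo '  validated + bound:      rejected (' . $e->getMessage() . ")\n";
    }
}
```

Against MySQL itself, PDO's MySQL driver emulates prepared statements by default; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes it use MySQL's server-side prepared statements.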