1

I'm installing phplist under my server that is based on cgi mode. I read that I have to hide the part related to "magic_quotes_gpc" on .htaccess file and that I also need to configure php.ini file so to allow magic quotes.

I have configured a separate database for phplist different from that of my site. So is there anything dangerous about that? What is it about "sql injectors" ?

I'm using PHP Version 4.4.9

mjv
  • 73,152
  • 14
  • 113
  • 156
Luci
  • 3,174
  • 7
  • 31
  • 36
  • Related: http://stackoverflow.com/questions/2118505/what-are-magic-quotes-runtime-in-php – Pekka Mar 07 '11 at 08:49
  • 2
    What version of PHP are you using? magic_quotes_gpc has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged. – Michiel Pater Mar 07 '11 at 08:50
  • 2
    You should look into switching to PHP 5. PHP 4 is massively outdated and no longer supported – Pekka Mar 07 '11 at 09:17
  • Agree with pekka, you should absolutly update PHP. If you're conserned about security, updating to PHP 5.3 should be on top of your todo-list – Sondre Mar 07 '11 at 09:46
  • well the server allows me to choose between php 4 or 5 so this is not a big problem to me, I can choose to use php 5. – Luci Mar 07 '11 at 10:32

1 Answers1

1

It is absolutely not "dangerous".

This functionality has been deprecated in PHP 5.3, so it will be the normal move to remove it.

Considering sql injection, even with magic_quotes activated you would have to do some checks, so nothings change here.

krtek
  • 26,334
  • 5
  • 56
  • 84