Re: SQL injection

From Matthew Terenzio
Subject Re: SQL injection
Date
Msg-id 767911e873f98ba28df3c639f738ec3f@jobsforge.com
In reply to Re: SQL injection  (Michael Glaesemann <grzm@myrealbox.com>)
Responses Re: SQL injection  (Alex Turner <armtuk@gmail.com>)
List pgsql-general
On Nov 2, 2005, at 6:08 PM, Michael Glaesemann wrote:

> As an aside, it's interesting to see that the PHP documentation states:
> ---
> Magic Quotes is a process that automagically escapes incoming data to
> the PHP script. It's preferred to code with magic quotes off and to
> instead escape the data at runtime, as needed.

Haven't been totally immersed in this thread but here are reasons given
for not using Magic Quotes:

http://us2.php.net/manual/en/security.magicquotes.whynot.php

And here is pg_escape_string():

http://us3.php.net/manual/en/function.pg-escape-string.php
