[Bug 204479] Re: PHP should be shipped with magic_quotes_gpc = Off in php.ini

bmjames bmjames at gmail.com
Mon Apr 6 00:37:53 BST 2009

This configuration encourages bad development practice and in doing so
encourages SQL injection vulnerabilities in PHP applications developed
on Ubuntu.

magic_quotes_gpc offers no protection against sophisticated injection
attacks, and enabling it only serves to give novice developers a false
sense of security. Developers who see that it is enabled are less likely
to consider using practices that are guaranteed to prevent injection

The feature only still exists for legacy compatibility, and enabling it
by default is an illogical and dangerous mistake which should be
corrected as soon as possible. It is a disservice to the developer
community to wait for PHP 6 to fix this problem.

PHP should be shipped with magic_quotes_gpc = Off in php.ini
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
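
The point made in the message above, as an added example that is not part of the original bug comment: a value with no quote characters passes through magic-quotes escaping unchanged, so a concatenated numeric condition returns every row, while a bound parameter is compared only as data. The table, the function name magic_quotes() and the request value are constructed for illustration, and the script assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not from the original message. Table, column and function
// names are hypothetical; the request value is constructed for illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT)');
$db->exec("INSERT INTO accounts (owner) VALUES ('alice'), ('bob'), ('carol')");

// magic_quotes_gpc applied addslashes() to every GET/POST/COOKIE value.
// Simulate it with a helper, since the directive no longer exists in
// current PHP releases.
function magic_quotes(string $raw): string
{
    return addslashes($raw);
}

// Constructed request value: it contains no quote, backslash or NUL byte,
// so addslashes() has nothing to escape and returns it unchanged.
$id = magic_quotes('1 OR 1=1');

// The pattern the setting encourages: trust the "escaped" value and
// concatenate it into the statement. The value becomes part of the SQL.
$concatenated = $db->query("SELECT owner FROM accounts WHERE id = $id")
                   ->fetchAll(PDO::FETCH_COLUMN);

// Parameterized query: the statement text is fixed and the value is bound
// as data, so it is never parsed as SQL.
$stmt = $db->prepare('SELECT owner FROM accounts WHERE id = ?');
$stmt->execute([$id]);
$parameterized = $stmt->fetchAll(PDO::FETCH_COLUMN);

printf("concatenated:  %d row(s)\n", count($concatenated));
printf("parameterized: %d row(s)\n", count($parameterized));
```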
