I have two choices to store my html string:
- turning off
magic_quotes_gpc
and store it directly using PDO.
- turning on
magic_quotes_gpc
and let my html string be stored with slashes using PDO. then, convert those slashes by using the function stripslashes();
I need to know the pros and cons of those two choices, and which one do you recommend? I am guessing that there is a security threat with the first choice. and load on the server with the second choice, but I need to know what the experts say.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…