M
@morbiuswilters said:It's not in the database drivers and it's been off by default for years (and any sensible person would have turned it off even when it was on by default). Magic quotes just adds slashes to user-supplied parameters, such as GET and POST vars. It's possible that there was some other bug in your database driver which was inserting slashes, I dunno. I've used prepared statements in PHP with Postgres and MySQL for many years without issue. Well, NOW I know the problem was not in the database drivers. But I send some data through POST, read it and store on the database; query the database and it's wrong... How could I imagine something was mangling the data received from POST? The only thing with a 'thick' abstraction layer here is the database, any minimaly competent person would just map the variables to point to the POST data and not even touch it. And yes, the fact that it defaults to off bugs me, it wasn't that long ago. But I didn't setup the environment, so I have no idea why it was on. (I had no idea somebody could ever think about such an aberration.)