tgl(at)sss(dot)pgh(dot)pa(dot)us wrote:
> ljb <ljb220(at)mindspring(dot)com> writes:
>> | addslashes() or magic_quotes. We note that these tools have been deprecated
>> | by the PHP group since version 4.0.
>
>> Can anyone provide a source for the statement?
>
> I'm not going to put words in Josh's mouth about where he got that from,
> but anyone who reads all of the comments at
> http://us3.php.net/manual/en/function.addslashes.php
> ought to come away suitably unimpressed with the security of that
> function.
Yes, sorry, I did see those comments, although I don't think they are from
the PHP group themselves. But I missed the statement on the pg_escape_string
manual page saying "use of this function is recommended instead of
addslashes()". I still think "since version 4.0" is wrong.