Posts by demo

1
0 votes

Where can I add images?

  • demo answered 11 years ago
1
0 votes
0 answers
20k views
Test Test 1 2 3?
  • demo asked 11 years ago
1
0 votes

lol cat

 

  • demo answered 6 years ago
1
0 votes
0 answers
17k views
RISMA SOFA, a trusted sofa and chair repair workshop in Bekasi. Contact us at: mobile 0857-1621-9119 ...
  • risma sofa asked 9 years ago
1
0 votes
0 answers
17k views
He had foretold to die young. Either an overdose, suicide. He was known to have a severe mood swi...
  • demo asked 8 years ago
1
0 votes
In reply to: What is Sabai Discuss?

Sabai Discuss is a premium questions and answers plugin for WordPress. The plugin features the ability for users to ask and answer questions similar to Stack Overflow or Yahoo Answers.

Sabai Discuss is an ideal tool not only for building a community driven question-and-answer website but also for building a discussion forum, a knowledge base, or even a helpdesk portal for WordPress.

  • demo answered 6 years ago
1
0 votes
8k views
Why for Persian localization of WordPress
  • demo asked 6 years ago
  • last active 6 years ago
1
0 votes
0 answers
14k views
Does this script prevent duplicate questions and answers?
  • demo asked 7 years ago
1
0 votes

Good question. The answer is actually hard to find.

  • demo answered 7 years ago
1
0 votes

Music is the greatest achievement of mankind. I think this is the best answer.

  • demo answered 7 years ago
  • last active 7 years ago
1
0 votes
15k views
Hello from Moscow 🙂
  • demo asked 7 years ago
  • last active 7 years ago
1
0 votes
In reply to: How do you do?

Nice

  • demo answered 7 years ago
1
0 votes
12k views
Testing 123
  • demo asked 7 years ago
  • last active 7 years ago
1
1 vote

Magic Quotes

The following text is taken from PHP.net

http://www.php.net/manual/en/security.magicquotes.why.php

There is no reason to use magic quotes because they are no longer a supported part of PHP. However, they did exist and did help a few beginners blissfully and unknowingly write better (more secure) code. But, when dealing with code that relies upon this behavior it’s better to update the code instead of turning magic quotes on. So why did this feature exist? Simple, to help prevent SQL Injection. Today developers are better aware of security and end up using database specific escaping mechanisms and/or prepared statements instead of relying upon features like magical quotes.

addslashes() vs mysql_real_escape_string()

The reason why you should use mysql_real_escape_string() is because it’s a “MySQL function” and is created especially for escaping user input before it’s executed in a mysql query, while addslashes() is a “PHP function”. That probably sounded a little weird, but there’s one important difference between the two and it has to do with the use of single- and multi-byte characters. You can still inject databases protected by the addslashes function, but injecting databases protected by mysql_real_escape_string is far more difficult. You can read more about it HERE

Register Globals

The reason why you should NOT use register_globals is because variables become accessible to everyone, which means that in the following example you would be able to set $access to true if it hasn’t been initialized before:

<?php

// $access is never initialized, so with register_globals ON a request parameter can set it.
if (isAuthenticated()) { $access = true; }

if ($access == true) {
  include('controlpanel.php');
}

?>

The above code would give you sh#! loads of problems, but if we initialize the variable first by adding the following to the top of the page

$access = false;

…we should be fine even if we have register_globals ON

So, if the WordPress team have initialized all variables (which they probably have) then you don’t have to worry about the use of globals.

Conclusion

It’s definitely bad practice using any of those 3 functions/features and I would never do it myself. Are you sure you’re working with the latest version of WordPress? Like someone commented, if you are using the latest version it’s because of laziness or worse it’s still in there. I’d never use WordPress for anything other than blogs that don’t require much security.

NOTE: This answer was originally posted at StackOverflow.com by Tom

  • Ann answered 14 years ago
  • last active 14 years ago
1
0 votes
16k views
The President of the United States (USA) Donald Trump canceled the historic meeting which is plan...
  • demo asked 8 years ago
  • last active 7 years ago
1
0 votes
In reply to: Test
  • demo answered 7 years ago
1
0 votes
1
0 votes
7k views
Test # 800Test # 800Test # 800Test # 800Test # 800Test # 800Test # 800Test # 800T...
  • demo asked 7 years ago
  • last active 7 years ago
1
0 votes
0 answers
9k views
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc sit amet risus imperdiet, viverra l...
  • demo asked 7 years ago
1
0 votes
16k views
  • demo asked 11 years ago
  • last active 11 years ago
Showing 81 - 100 of 379 results