SQL Injection



Hi all.

I'm starting out redesigning a whole site and just need to know that if magic quotes are enabled on the server do I still need to re-write all my login queries to protect against the above...?
The best way to protect against injection attacks is to write your code carefully and correctly, or to use an abstraction layer like PEAR::DB.
Thanks Swirlee. So if basically I'm OK i'd guess as magic quotes are on, I am pretty tight with my queries and don't pull info I don't need at the login stage and then just use session variables all the way through the site.

Many thanks.