[wp-hackers] forum post: sql injection

[Mark Jaquith]

Ryan Boren wrote:

> wp-settings.php 

Heh.  It's even recursive for arrays.  I can't believe I didn't know 
about this.  :-[

So does this mean that as far as WP is concerned that magic quotes is 
always on?  I mean, obviously there are other ways of introducing data 
that will need to be escaped, but doesn't this mean that the $_GET, 
$_POST, $_COOKIE, and $_SERVER arrays are safe?

-- 
Mark Jaquith
http://txfx.net/
MCincubus @ #wordpress