Hey,
I'm taking a look at how to properly escape data that comes from the outside world before it gets used for application control, storage, logic... that kind of thing.
Obviously, with the magic quotes directive being deprecated shortly in PHP 5.3.0+ and removed in PHP6, this becomes more pressing for anyone looking to upgrade and get into the new language features while maintaining legacy code (don't we love it...).
However, one thing that I haven't seen is much discussion about theory/best practice with what to do once you have protected your data - for example, to store with or without slashes? I personally think keeping escaped data in the DB is a bad move, but want to hear discussion and preferably read some case studies.
Some links from the PHP manual just for reference:
PHP Manual - mysql_real_escape_string
etc etc.
Any tips?
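
Added example, not part of the original post: a sketch of the "with or without slashes" question, storing the same constructed value once as magic quotes would have delivered it and once raw. It assumes an in-memory SQLite database through PDO (pdo_sqlite enabled) and swaps in bound parameters in place of mysql_real_escape_string so it runs without a MySQL server; the table and variable names are hypothetical.

```php
<?php
// Constructed sample: one value stored "with slashes" and once raw.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)');

$raw    = "O'Reilly";          // what the user actually typed
$quoted = addslashes($raw);    // same transformation magic_quotes_gpc applied to input

// Bound parameters carry the value to the database unchanged, so any
// slashes already present in the string become part of the stored data.
$insert = $db->prepare('INSERT INTO authors (name) VALUES (:name)');
$insert->execute(array(':name' => $quoted));   // row 1: escaped form stored
$insert->execute(array(':name' => $raw));      // row 2: raw form stored

// Cost 1: lookups with the real value no longer match the escaped row.
$find = $db->prepare('SELECT id FROM authors WHERE name = :name');
$find->execute(array(':name' => $raw));
$matches = $find->fetchAll(PDO::FETCH_COLUMN);
echo 'rows matching the raw value: ' . implode(',', $matches) . "\n";

// Cost 2: the stored length and every later consumer (reports, exports,
// other applications) see the backslash as real data.
$rows = $db->query('SELECT id, name, length(name) AS len FROM authors');
foreach ($rows as $row) {
    // Encode for the output context (HTML here) at the moment of output,
    // not at storage time.
    $html = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    echo $row['id'] . ' len=' . $row['len'] . ' html=' . $html . "\n";
}

// Legacy read path: rows written under magic quotes need stripslashes()
// once, during a one-off cleanup, not on every read (which would damage
// rows that legitimately contain backslashes).
$legacy = $db->query('SELECT name FROM authors WHERE id = 1')->fetchColumn();
echo 'cleaned legacy value equals raw: '
    . var_export(stripslashes($legacy) === $raw, true) . "\n";
```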