From the manpage:
Quote:
PreventSQLi = yes|no
Prevent SQL-injection by placing a slash before every single-quote in the URL, POST-data and cookie. This is the same as PHP's magic-quotes. You should only use this option if such automated escaping is not already being done. Writing safe code is of course better. Note that this option can break up the uploading of binaries, like images. See also BanOnSQLi.
Default = no, example: PreventSQLi = yes
So basically, no.
What I do is write a "wrapper" function instead of calling the "bare" mysql_query() or cursor.execute() directly.
A more useful feature of Hiawatha, BTW:
Quote:
PreventXSS = yes|no
Prevent cross-site scripting by replacing a less-than, greater-than, quote or double-quote in the URL with an underscore.
Default = no, example: PreventXSS = yes
Hiawatha is also more strict in interpreting the HTTP standard, so malformed (potentially abusive) requests are rejected.
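
An added example, not part of the original post and not Hiawatha's code: a sketch of the "wrapper" approach next to the slash-escaping that PreventSQLi performs, using Python's sqlite3 module. The names `add_slashes`, `safe_query`, `lookup_escaped` and `lookup_bound`, the table and the sample rows are all assumptions made for the illustration, and rejecting quote characters in the SQL text is a design choice of this sketch.

```python
import sqlite3

def add_slashes(value):
    """Constructed stand-in for PreventSQLi / magic quotes: a backslash before each single quote."""
    return value.replace("'", "\\'")

def make_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "o'brien")])
    return conn

def lookup_escaped(conn, user_id):
    """'Before': query built by concatenation, relying only on quote escaping."""
    # A numeric context contains no quotes, so the escaping changes nothing here.
    sql = "SELECT name FROM users WHERE id = " + add_slashes(user_id)
    return sorted(row[0] for row in conn.execute(sql))

def safe_query(conn, sql, params=()):
    """Wrapper: the single place in the application that calls cursor.execute()."""
    if not isinstance(params, (tuple, list)):
        raise TypeError("params must be a tuple or list")
    # The SQL text must be a constant template; every value is bound, never inlined.
    if "'" in sql or '"' in sql:
        raise ValueError("inline literal in SQL text; bind it as a parameter")
    cur = conn.cursor()
    cur.execute(sql, tuple(params))
    return cur.fetchall()

def lookup_bound(conn, user_id):
    """'After': the same lookup through the wrapper, with the value bound."""
    rows = safe_query(conn, "SELECT name FROM users WHERE id = ?", (user_id,))
    return sorted(row[0] for row in rows)

if __name__ == "__main__":
    conn = make_db()
    value = "1 OR 1=1"                    # constructed request parameter
    print(lookup_escaped(conn, value))    # every row comes back
    print(lookup_bound(conn, value))      # treated as one value, matches nothing
    print(safe_query(conn, "SELECT id FROM users WHERE name = ?", ("o'brien",)))
```

With bound parameters a legitimate value containing a quote, such as `o'brien`, is stored and matched unchanged, whereas blanket escaping at the web server alters it before the application sees it.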