downloads | documentation | faq | getting help | mailing lists | licenses | wiki | reporting bugs | php.net sites | links | conferences | my php.net

search for in the

Why use Magic Quotes> <User Submitted Data
Last updated: Wed, 22 Jul 2009

view this page in

Magic Quotes

Table of Contents

Warning

This feature is DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.

Magic Quotes is a process that automagically escapes incoming data to the PHP script. It's preferred to code with magic quotes off and to instead escape the data at runtime, as needed.

What are Magic Quotes

When on, all ' (single-quote), " (double quote), \ (backslash) and NULL characters are escaped with a backslash automatically. This is identical to what addslashes() does.

There are three magic quote directives:

  • magic_quotes_gpc Affects HTTP Request data (GET, POST, and COOKIE). Cannot be set at runtime, and defaults to on in PHP. See also get_magic_quotes_gpc().
  • magic_quotes_runtime If enabled, most functions that return data from an external source, including databases and text files, will have quotes escaped with a backslash. Can be set at runtime, and defaults to off in PHP. See also set_magic_quotes_runtime() and get_magic_quotes_runtime().
  • magic_quotes_sybase If enabled, a single-quote is escaped with a single-quote instead of a backslash. If on, it completely overrides magic_quotes_gpc. Having both directives enabled means only single quotes are escaped as ''. Double quotes, backslashes and NULL's will remain untouched and unescaped. See also ini_get() for retrieving its value.


add a note add a note User Contributed Notes
Magic Quotes
07-Dec-2005 03:09
You should try to avoid magic_quotes in all its flavors, use add_slashes() and strip_slashes() instead with user input and you will save time and avoid common problems that come along.

You should know also that if your server has php suexec enabled you won't be able use php_flag in .htaccess file to change php values like magic_quotes or register_globals. In this case you might wanna try creating a php.ini file on the same directory as your script and add something like this:

magic_quotes_runtime=off
magic_quotes_gpc=off
magic_quotes_sybase=off
register_globals=on ; only as an example

----
Mel
http://www.webhostingjournal.net/
richard dot spindler at gmail dot com
18-Aug-2005 10:59
to turn of magic quotes put the following line into the .htaccess file:

php_flag magic_quotes_gpc off
add a note add a note

Why use Magic Quotes> <User Submitted Data
Last updated: Wed, 22 Jul 2009
 
 
show source | credits | stats | sitemap | contact | advertising | mirror sites