Magic Quotes
Table of Contents
WarningThis feature is
DEPRECATED and REMOVED as of PHP 6.0.0.
Relying on this feature is highly discouraged.
Magic Quotes is a process that automagically escapes incoming data to the
PHP script. It's preferred to code with magic quotes off and to instead
escape the data at runtime, as needed.
What are Magic Quotes
When on, all ' (single-quote), "
(double quote), \ (backslash) and NULL
characters are escaped with a backslash automatically. This is identical
to what addslashes() does.
There are three magic quote directives:
-
magic_quotes_gpc
Affects HTTP Request data (GET, POST, and COOKIE). Cannot be set at
runtime, and defaults to on in PHP.
See also get_magic_quotes_gpc().
-
magic_quotes_runtime
If enabled, most functions that return data from an external source,
including databases and text files, will have quotes escaped with a
backslash. Can be set at runtime, and defaults to off
in PHP.
See also set_magic_quotes_runtime() and
get_magic_quotes_runtime().
-
magic_quotes_sybase
If enabled, a single-quote is escaped with a single-quote instead of a
backslash. If on, it completely overrides
magic_quotes_gpc. Having
both directives enabled means only single quotes are escaped as
''. Double quotes, backslashes and NULL's will
remain untouched and unescaped.
See also ini_get() for retrieving its value.