From: Ravi Gehlot

> What are these magic quotes anyways?. What are they used for?

I wasn't there at the time, but I gather that the general idea was to
automagically insert escape characters into data submitted from a form.
However, they used a backslash as the escape character, which is not
universally recognized across database engines. Even the SQL standard
defines an escape as a single quote character.

We used to have magic quotes enabled, and came up with the following
code to clean up the mess it caused.

    // If magic quotes is on, we want to remove slashes
    if (get_magic_quotes_gpc()) {
      // Magic quotes is on
      $response = stripslashes($_POST[$key]);
    } else {
      $response = $_POST[$key];

For future releases of PHP, this will also need a check to see if
get_magic_quotes_gpc() exists first.

Bob McConnell

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to