PHP Magic!
One of the most important tasks when inserting information into MySQL is to ensure that the data you put in is valid. After all, one small mistake could be costly if someone 'evil' gets access to your data.
What Exactly Are Magic Quotes?
The simple answer is this: magic quotes automatically escape all ' (single quotes), " (double quotes), \ (backslashes) and NULL characters. Think about what addslashes() does.
They are useful for beginners, who are somewhat protected against bad input, and I suppose that some sort of ease of use is handed to better programmers.
However, the pros are heavily outweighed by the cons. For more professional users, their code is no longer portable, as they now need to check whether magic quotes are enabled on every installation. An added negative is that all the input must be run through stripslashes() prior to output. Finally, turning magic quotes off will no doubt improve performance, because instead of EVERY piece of data being escaped, only the select pieces that the user chooses are.
Handling Magic Quotes
Here is a very simple method for purging the slashes added by magic quotes if, and only if, they are enabled.
<?php
// get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists first.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    // Recursively strip the slashes magic quotes added; nested arrays are walked too.
    function removemq($item) {
        if (is_array($item)) return array_map('removemq', $item);
        else return stripslashes($item);
    }
    $_GET    = array_map('removemq', $_GET);
    $_POST   = array_map('removemq', $_POST);
    $_COOKIE = array_map('removemq', $_COOKIE);
}
?>
What this does is very simple: it walks through the various inputs that PHP receives and strips all the slashes that were added if magic quotes was enabled. This simple trick allows the code to be portable again!
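The following is an added example, not code from the original page: it simulates magic quotes on constructed input, undoes them recursively, and then escapes only at the point of use with a bound parameter. The names simulate_magic_quotes, strip_mq and the notes table are hypothetical, and an in-memory SQLite database (pdo_sqlite assumed to be installed) stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Hypothetical names: simulate_magic_quotes, strip_mq, notes.
// SQLite in memory stands in for MySQL (assumes the pdo_sqlite extension).

// Emulate what magic_quotes_gpc did to incoming data: addslashes() on every value.
function simulate_magic_quotes($item) {
    return is_array($item) ? array_map('simulate_magic_quotes', $item) : addslashes($item);
}

// Recursive undo, the same idea as the stripping function discussed above.
function strip_mq($item) {
    return is_array($item) ? array_map('strip_mq', $item) : stripslashes($item);
}

// Constructed sample input, including a nested array field.
$raw  = array('name' => "O'Reilly", 'tags' => array('say "hi"', 'C:\\temp'));
$post = simulate_magic_quotes($raw);   // what a script saw with magic quotes on

// Using $post directly would store the added backslashes as part of the data.
echo "with magic quotes: ", $post['name'], "\n";

// After stripping, every value (nested ones too) matches the original input.
$clean = strip_mq($post);
echo "round trip intact: ", var_export($clean === $raw, true), "\n";

// Escape only at the point of use: a bound parameter, no manual slashes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (author TEXT)');
$stmt = $db->prepare('INSERT INTO notes (author) VALUES (?)');
$stmt->execute(array($clean['name']));

// The stored value is the user's text, with no stray backslash.
echo "stored value: ", $db->query('SELECT author FROM notes')->fetchColumn(), "\n";
```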
