Escaping troublesome characters

When you are inserting data into a MySQL database, certain characters have a special meaning and must therefore be escaped if you wish to insert these characters literally.

By default, PHP will escape these characters for you in any data coming from the user in GET, Post or Cookie data. This magic escaping is known as Magic Quotes and can be configured in your php.ini file by setting the magic_quotes_gpc directive.

The characters affected are \ ' " and NUL (char 0). If these characters appear in user-supplied data they will be escaped with a \ (backslash).

Some people prefer to turn this feature off and handle escaping data manually using the addslashes() function. There is a converse function, stripslashes(), which removes the backslash characters in an escaped string.