| Starting PHP |
 |
2026-01-01 |
 |
 |
42 |
 |
|
By default, PHP will escape these characters for you in any data coming from the
user in GET, Post or Cookie data. This magic escaping is known as Magic Quotes and can
be configured in your php.ini file by setting the magic_quotes_gpc directive.
The characters affected are \ ' " and NUL (char 0). If these characters appear in
user-supplied data they will be escaped with a \ (backslash).
Some people prefer to turn this feature off and handle escaping data manually using
the addslashes() function. There is a converse function, stripslashes(), which removes
the backslash characters in an escaped string.
Magic Quotes Normalization Routine
<?php
// check the state of magic quotes
if (get_magic_quotes_gpc()) {
function normalize_quotes(&$var) {
if (is_array($var)) {
// itterate through the array
array_walk($var, 'normalize_quotes');
} else {
// remove slashes
$var = stripslashes($var);
}
}
// go through the common list of input super-globals
foreach (array('GET', 'POST', 'COOKIE') as $s) {
array_walk(${'_',$s}, 'normalize_quotes');
}
}
?>
