Hudzilla.org - the homepage of Paul Hudson

7.4.3     Magic quotes

This is NOT the latest copy of this book; click here for the latest version.

Because the majority of user input is destined for database entry, PHP has a special php.ini setting called magic_quotes_gpc. When it is enabled, PHP automatically inserts a backslash \ before all quotes and other backslashes in GET, POST, and COOKIE data (GPC), which is the equivalent of running the addslashes() function.

This functionality is usually turned on by default, which means that all GPC data coming into your script is safe for database entry, but it also means that if your data is not destined for a database, you need to disable magic quotes in your php.ini file.

Author's Note: I personally prefer to turn magic quotes off and handle the slashes myself, as this leads to much more predictable and easily understood behaviour. Note that changing your execution environment at runtime to enable magic quotes will have no effect on the script, as the variables are already parsed and ready for use by the time your code is executed.
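
To make the behaviour described above concrete, here is an added example (not code from the original book) that reproduces what magic_quotes_gpc does to a constructed input array and shows one way to undo it at the top of a script. The helper names add_slashes_deep(), strip_slashes_deep(), magic_quotes_active() and normalise_gpc() are hypothetical; addslashes(), stripslashes() and get_magic_quotes_gpc() are PHP built-ins.

```php
<?php
// Added illustration; function names and sample data are constructed here.

// What magic_quotes_gpc does to each incoming value: addslashes(), recursively.
function add_slashes_deep($value)
{
    return is_array($value) ? array_map('add_slashes_deep', $value)
                            : addslashes($value);
}

// The inverse, for data that is not going straight into a database.
function strip_slashes_deep($value)
{
    return is_array($value) ? array_map('strip_slashes_deep', $value)
                            : stripslashes($value);
}

// True only where the setting still exists and is switched on. The function
// is absent from current PHP releases, hence the function_exists() guard.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Call once at the top of a script so the rest of the code always sees raw
// input, whatever php.ini says. ini_set() at this point would be too late.
function normalise_gpc()
{
    if (magic_quotes_active()) {
        $_GET    = strip_slashes_deep($_GET);
        $_POST   = strip_slashes_deep($_POST);
        $_COOKIE = strip_slashes_deep($_COOKIE);
    }
}

// Constructed sample standing in for $_POST as the browser sent it.
$raw = array(
    'name' => "O'Reilly",
    'path' => 'C:\\temp',
    'tags' => array('say "hi"', "it's"),
);

$quoted = add_slashes_deep($raw);            // as the script would receive it
echo $quoted['name'], "\n";                  // quote now carries a backslash
echo addslashes($quoted['name']), "\n";      // escaping again doubles it up
var_dump(strip_slashes_deep($quoted) === $raw);  // stripping restores the input
normalise_gpc();                             // no-op when the setting is off
```

Once input is normalised this way, escaping happens in exactly one place, at the point where a value is written into a query or a page, so nothing is escaped twice or left unescaped.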






Comments from other readers
A PHP User - 16 Oct 2008

Every date is today's date

A PHP User - 16 Oct 2008

automatically backslashes \
did you mean automatically insert backslashes?


