Category Archives: PHP-Magic Quotes

PHP-Magic Quotes

Escaping troublesome characters
When you are inserting data into a MySQL database, certain characters have a special meaning and
must therefore be escaped if you wish to insert these characters literally.
By default, PHP will escape these characters for you in any data coming from the user in GET, Post
or Cookie data. This magic escaping is known as Magic Quotes and can be configured in your php.ini
file by setting the magic_quotes_gpc directive.
The characters affected are \ ‘ ” and NUL (char 0). If these characters appear in user-supplied data
they will be escaped with a \ (backslash).
Some people prefer to turn this feature off and handle escaping data manually using the addslashes()
function. There is a converse function, stripslashes(), which removes the backslash characters in an
escaped string.