Prior to PHP 6 there was a feature called magic quotes that was created to help protect newbie programmers from writing bad form processing code. Magic quotes would automatically escape risky form data that might be used for SQL Injection with a backslash \. The characters escaped by PHP include: quote ', double quote ", backslash \ and NULL characters.

Magic Quotes - Are They Enabled?

First things first, you need to check to see if you have magic quotes enabled on you server. The get_magic_quotes_gpc function will return a 0 (off) or a 1 (on). These boolean values will fit nicely into an if statement where 1 is true and 0 is false.

PHP Code:

if(get_magic_quotes_gpc())  echo "Magic quotes are enabled"; else  echo "Magic quotes are disabled";

Display:

Magic quotes are enabled

If you received the message "Magic quotes are enabled" then you should definitely continue reading this lesson, if not feel free to learn about it in case you are developing for servers that might have quotes on or off.

PHP (PHP Hypertext Preprocessor)

Monday, May 30, 2011

PHP - Magic Quotes

Magic Quotes - Are They Enabled?

PHP Code:

Display:

No comments:

Post a Comment