Why Does WordPress Auto-Escape POST Data Even After Disabling Magic Quotes?

Mysterious Auto-Escaping of POST Data in WordPress

Despite disabling magic quotes through php.ini, PHP and WordPress continue to auto-escape POST data containing single quotes. This perplexing issue has left developers scratching their heads.

WordPress Origin of Auto-Escaping

The root cause of the auto-escaping lies within WordPress's bootstrapping process. When WordPress is initialized, it activates a code that automatically escapes certain characters in user input.

Solution to Auto-Escaping

To resolve this issue, it is recommended to override the global variables temporarily using the following code:

$_GET = array_map('stripslashes_deep', $_GET);
$_POST = array_map('stripslashes_deep', $_POST);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_SERVER = array_map('stripslashes_deep', $_SERVER);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);

Alternatively, you can consider using a more targeted approach by "stripping locally" instead of overwriting the superglobals. For example:

$post = array_map('stripslashes_deep', $_POST);

Additional Considerations

Overwriting superglobals can potentially impact other parts of your application. Therefore, carefully evaluate whether it is appropriate for your specific situation.

Further insights from @Alexandar O'Mara and @quickshiftin provide valuable perspectives on this topic.

The above is the detailed content of Why Does WordPress Auto-Escape POST Data Even After Disabling Magic Quotes?. For more information, please follow other related articles on the PHP Chinese website!