Why is WordPress Still Escaping Data After Disabling Magic Quotes?

WordPress' Auto-Escaping Quandary with Magic Quotes Disabled

Despite disabling magic quotes in PHP's configuration, WordPress continues to automatically escape POST data, particularly single quotes. This puzzling behavior has often baffled developers.

Cause and Solution

The root cause lies within WordPress's bootstrapping process. WordPress initiates auto-escaping when its multisite functionality is active. To resolve this, add the following code before WordPress is bootstrapped:

<code class="php">$_GET       = array_map('stripslashes_deep', $_GET);
$_POST      = array_map('stripslashes_deep', $_POST);
$_COOKIE    = array_map('stripslashes_deep', $_COOKIE);
$_SERVER    = array_map('stripslashes_deep', $_SERVER);
$_REQUEST   = array_map('stripslashes_deep', $_REQUEST);</code>

This code will strip slashes from WordPress's request objects before auto-escaping occurs.

Alternative Approaches

While stripslashes_deep effectively addresses the issue, consider these alternative approaches:

• Use "strip locally": Only strip slashes from specific POST data elements. For instance: $post = array_map('stripslashes_deep', $_POST);
• Disable WordPress's auto-escaping: Add define('AUTOMATIC_ESCAPING_DISABLED', true); to your WordPress configuration file (wp-config.php). This disables auto-escaping, but it should be used cautiously.

The above is the detailed content of Why is WordPress Still Escaping Data After Disabling Magic Quotes?. For more information, please follow other related articles on the PHP Chinese website!