Magic quotes are a common source of questions for PHP developers. I happened to come across an article on the topic today and, combining it with the PHP Manual and its comments, I will give a brief summary here.

In short, when Magic quotes are turned on, incoming data is escaped automatically: all single quotes ('), double quotes ("), backslashes, and NULL characters are escaped (a backslash is added). In effect, this operation calls the addslashes function.

Why use Magic quotes

Convenient and fast
PHP's designers originally had fast and convenient programming in mind. For example, when inserting into a database, Magic quotes escape the data automatically, which is very convenient.

Good for beginners
Magic quotes can, to a certain extent, shield beginners from security risks in their scripts. For example, in code without any protective measures, turning on Magic quotes leaves far fewer risks, such as injection problems. Of course, this method alone cannot completely prevent such security issues.

"I don't have permission to turn it off"
You may well be aware of the problem, but the hosting environment is not completely under your control.

Why not use Magic quotes

Portability
Whether this feature is on or off affects the portability of a script, because it changes how the data has to be filtered afterwards.

Performance issues
All external data is escaped before the script receives it, which undoubtedly adds runtime cost (and not all data needs to be escaped).

Causing confusion
As mentioned above, not all data needs to be escaped. One situation that may arise is that you end up calling the stripslashes function all over the place to get the unescaped data back.

No longer supported in PHP6
The designers of PHP have evidently recognized their "mistake", so they have deprecated the feature in PHP6.

How to disable Magic quotes

In my opinion, the most reliable approach is to disable Magic quotes globally in the php.ini configuration file. Refer to the settings below:

    ; Magic quotes
    ;

    ; Magic quotes for incoming GET/POST/Cookie data.
    magic_quotes_gpc = Off

    ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
    magic_quotes_runtime = Off

    ; Use Sybase-style magic quotes (escape ' with '' instead of \').
    magic_quotes_sybase = Off

However, a hosting provider may not allow you to modify the php.ini file. In that case you can disable the feature in an .htaccess file by adding the following line:

    php_flag magic_quotes_gpc Off

For portable code, as mentioned above, the data must remain consistent whether magic_quotes is disabled or not. The code below can help you with that.
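One way to keep request data consistent whether magic_quotes_gpc is on or off, which is what the portability point above calls for. This is an added example, not code from the original article; the helper names stripslashes_deep and magic_quotes_active are illustrative, and the sample values are constructed.

```php
<?php
// Added example, not from the original article. Helper names are illustrative.

/** Recursively undo addslashes()-style escaping in a string or nested array. */
function stripslashes_deep($value)
{
    if (is_array($value)) {
        return array_map('stripslashes_deep', $value);
    }
    // On old builds stripslashes() honours magic_quotes_sybase and turns ''
    // back into ' instead of removing backslashes.
    return is_string($value) ? stripslashes($value) : $value;
}

/** True only where magic_quotes_gpc still exists and is switched on. */
function magic_quotes_active()
{
    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() in 8.0,
    // so the version test short-circuits before the call on newer PHP.
    return version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
}

// Run once, before anything else reads request data.
if (magic_quotes_active()) {
    $_GET     = stripslashes_deep($_GET);
    $_POST    = stripslashes_deep($_POST);
    $_COOKIE  = stripslashes_deep($_COOKIE);
    $_REQUEST = stripslashes_deep($_REQUEST);
}

// Constructed sample: form values as magic_quotes_gpc would deliver them.
$quoted = array('name' => "O\\'Reilly", 'tags' => array("say \\\"hi\\\""));
$raw    = stripslashes_deep($quoted);
var_dump($raw['name'] === "O'Reilly");
var_dump($raw['tags'][0] === 'say "hi"');

// Why the guard matters: stripping input that was never escaped eats the
// backslash of a legitimate value such as a Windows path.
var_dump(stripslashes('C:\\temp'));

// With raw data in hand, escape for the destination at the point of use:
// bound parameters for SQL, htmlspecialchars() for HTML output.
echo htmlspecialchars($raw['name'], ENT_QUOTES, 'UTF-8'), "\n";
```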