<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Why not to use Magic Quotes</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="security.magicquotes.why.html">Why did we use Magic Quotes</a></div>
<div class="next" style="text-align: right; float: right;"><a href="security.magicquotes.disabling.html">Disabling Magic Quotes</a></div>
<div class="up"><a href="security.magicquotes.html">Magic Quotes</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="security.magicquotes.whynot" class="sect1">
<h2 class="title">Why not to use Magic Quotes</h2>
<div class="warning"><strong class="warning">Warning</strong><p class="simpara">This feature has been
<em class="emphasis">DEPRECATED</em> as of PHP 5.3.0 and <em class="emphasis">REMOVED</em>
as of PHP 5.4.0.</p></div>
<ul class="itemizedlist">
<li class="listitem">
<span class="simpara">
Portability
</span>
<span class="simpara">
Assuming it to be on, or off, affects portability. Use
<span class="function"><a href="function.get-magic-quotes-gpc.html" class="function">get_magic_quotes_gpc()</a></span> to check for this, and code
accordingly.
</span>
</li>
<li class="listitem">
<span class="simpara">
Performance
</span>
<span class="simpara">
Because not every piece of escaped data is inserted into a
database, there is a performance loss for escaping all this data.
Simply calling on the escaping functions (like
<span class="function"><a href="function.addslashes.html" class="function">addslashes()</a></span>) at runtime is more efficient.
</span>
<span class="simpara">
Although <var class="filename">php.ini-development</var> enables these directives
by default, <var class="filename">php.ini-production</var> disables it.
This recommendation is mainly due to performance reasons.
</span>
</li>
<li class="listitem">
<span class="simpara">
Inconvenience
</span>
<span class="simpara">
Because not all data needs escaping, it's often annoying to see escaped
data where it shouldn't be. For example, emailing from a form, and
seeing a bunch of \' within the email. To fix, this may require
excessive use of <span class="function"><a href="function.stripslashes.html" class="function">stripslashes()</a></span>.
</span>
</li>
</ul>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="security.magicquotes.why.html">Why did we use Magic Quotes</a></div>
<div class="next" style="text-align: right; float: right;"><a href="security.magicquotes.disabling.html">Disabling Magic Quotes</a></div>
<div class="up"><a href="security.magicquotes.html">Magic Quotes</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
