<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>What are Magic Quotes</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="security.magicquotes.html">Magic Quotes</a></div>
<div class="next" style="text-align: right; float: right;"><a href="security.magicquotes.why.html">Why did we use Magic Quotes</a></div>
<div class="up"><a href="security.magicquotes.html">Magic Quotes</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="security.magicquotes.what" class="sect1">
<h2 class="title">What are Magic Quotes</h2>
<div class="warning"><strong class="warning">Warning</strong><p class="simpara">This feature has been
<em class="emphasis">DEPRECATED</em> as of PHP 5.3.0 and <em class="emphasis">REMOVED</em>
as of PHP 5.4.0.</p></div>
<p class="para">
When on, all <em>'</em> (single-quote), <em>"</em>
(double quote), <em>\</em> (backslash) and <em>NULL</em>
characters are escaped with a backslash automatically. This is identical
to what <span class="function"><a href="function.addslashes.html" class="function">addslashes()</a></span> does.
</p>
<p class="para">
There are three magic quote directives:
</p>
<ul class="itemizedlist">
<li class="listitem">
<span class="simpara">
<a href="info.configuration.html#ini.magic-quotes-gpc" class="link">magic_quotes_gpc</a>
</span>
<span class="simpara">
Affects <acronym title="Hypertext Transfer Protocol">HTTP</acronym> Request data (GET, POST, and COOKIE). Cannot be set at
runtime, and defaults to <em class="emphasis">on</em> in <acronym title="PHP: Hypertext Preprocessor">PHP</acronym>.
</span>
<span class="simpara">
See also <span class="function"><a href="function.get-magic-quotes-gpc.html" class="function">get_magic_quotes_gpc()</a></span>.
</span>
</li>
<li class="listitem">
<span class="simpara">
<a href="info.configuration.html#ini.magic-quotes-runtime" class="link">magic_quotes_runtime</a>
</span>
<span class="simpara">
If enabled, most functions that return data from an external source,
including databases and text files, will have quotes escaped with a
backslash. Can be set at runtime, and defaults to <em class="emphasis">off</em>
in <acronym title="PHP: Hypertext Preprocessor">PHP</acronym>.
</span>
<span class="simpara">
See also <span class="function"><a href="function.set-magic-quotes-runtime.html" class="function">set_magic_quotes_runtime()</a></span> and
<span class="function"><a href="function.get-magic-quotes-runtime.html" class="function">get_magic_quotes_runtime()</a></span>.
</span>
</li>
<li class="listitem">
<span class="simpara">
<a href="sybase.configuration.html#ini.magic-quotes-sybase" class="link">magic_quotes_sybase</a>
</span>
<span class="simpara">
If enabled, a single-quote is escaped with a single-quote instead of a
backslash. If on, it completely overrides
<a href="info.configuration.html#ini.magic-quotes-gpc" class="link">magic_quotes_gpc</a>. Having
both directives enabled means only single quotes are escaped as
<em>''</em>. Double quotes, backslashes and NULL's will
remain untouched and unescaped.
</span>
<span class="simpara">
See also <span class="function"><a href="function.ini-get.html" class="function">ini_get()</a></span> for retrieving its value.
</span>
</li>
</ul>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="security.magicquotes.html">Magic Quotes</a></div>
<div class="next" style="text-align: right; float: right;"><a href="security.magicquotes.why.html">Why did we use Magic Quotes</a></div>
<div class="up"><a href="security.magicquotes.html">Magic Quotes</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
