<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>What are Magic Quotes</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="security.magicquotes.html">Magic Quotes</a></div> <div class="next" style="text-align: right; float: right;"><a href="security.magicquotes.why.html">Why did we use Magic Quotes</a></div> <div class="up"><a href="security.magicquotes.html">Magic Quotes</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="security.magicquotes.what" class="sect1"> <h2 class="title">What are Magic Quotes</h2> <div class="warning"><strong class="warning">Warning</strong><p class="simpara">This feature has been <em class="emphasis">DEPRECATED</em> as of PHP 5.3.0 and <em class="emphasis">REMOVED</em> as of PHP 5.4.0.</p></div> <p class="para"> When on, all <em>'</em> (single-quote), <em>"</em> (double quote), <em>\</em> (backslash) and <em>NULL</em> characters are escaped with a backslash automatically. This is identical to what <span class="function"><a href="function.addslashes.html" class="function">addslashes()</a></span> does. </p> <p class="para"> There are three magic quote directives: </p> <ul class="itemizedlist"> <li class="listitem"> <span class="simpara"> <a href="info.configuration.html#ini.magic-quotes-gpc" class="link">magic_quotes_gpc</a> </span> <span class="simpara"> Affects <acronym title="Hypertext Transfer Protocol">HTTP</acronym> Request data (GET, POST, and COOKIE). Cannot be set at runtime, and defaults to <em class="emphasis">on</em> in <acronym title="PHP: Hypertext Preprocessor">PHP</acronym>. </span> <span class="simpara"> See also <span class="function"><a href="function.get-magic-quotes-gpc.html" class="function">get_magic_quotes_gpc()</a></span>. </span> </li> <li class="listitem"> <span class="simpara"> <a href="info.configuration.html#ini.magic-quotes-runtime" class="link">magic_quotes_runtime</a> </span> <span class="simpara"> If enabled, most functions that return data from an external source, including databases and text files, will have quotes escaped with a backslash. Can be set at runtime, and defaults to <em class="emphasis">off</em> in <acronym title="PHP: Hypertext Preprocessor">PHP</acronym>. </span> <span class="simpara"> See also <span class="function"><a href="function.set-magic-quotes-runtime.html" class="function">set_magic_quotes_runtime()</a></span> and <span class="function"><a href="function.get-magic-quotes-runtime.html" class="function">get_magic_quotes_runtime()</a></span>. </span> </li> <li class="listitem"> <span class="simpara"> <a href="sybase.configuration.html#ini.magic-quotes-sybase" class="link">magic_quotes_sybase</a> </span> <span class="simpara"> If enabled, a single-quote is escaped with a single-quote instead of a backslash. If on, it completely overrides <a href="info.configuration.html#ini.magic-quotes-gpc" class="link">magic_quotes_gpc</a>. Having both directives enabled means only single quotes are escaped as <em>''</em>. Double quotes, backslashes and NULL's will remain untouched and unescaped. </span> <span class="simpara"> See also <span class="function"><a href="function.ini-get.html" class="function">ini_get()</a></span> for retrieving its value. </span> </li> </ul> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="security.magicquotes.html">Magic Quotes</a></div> <div class="next" style="text-align: right; float: right;"><a href="security.magicquotes.why.html">Why did we use Magic Quotes</a></div> <div class="up"><a href="security.magicquotes.html">Magic Quotes</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>