According to the PHP manual, in order to make code more portable, they recommend using something like the following for escaping data: if (!get_magic_quotes_gpc()) { $lastname = addslashes($_POST[...

What are the technical reasons that Magic Quotes has been removed from PHP 5.4 ? From PHP docs Performance Performance Because not every piece of escaped data is inserted into a database, ther...

My server admin recently upgraded to PHP 5.3 and I'm getting a weird "bug" (or feature, as the PHP folks have it). I had mysql_real_escape_string around most of my string form data for obvious safe...

According to php.net I should use mysql_real_escape_string() and turn off magic quotes, because it's deprecated. So I turned it off and I used mysql_real_escape_string(), but is it enough to use i...

I disabled magic_quotes in my php.ini. But I still get escaped strings in my form. Note: I'm running this in a theme in Wordpress.

I am submitting a form to my MySQL database using PHP. I am sending the form data through the mysql_real_escape_string($content) function. When the entry shows up in my database (checking in phpM...

As you know when Magic Quotes are ON, single quotes are escaped in values and also in keys. Most solutions to remove Magic Quotes at runtime only unescape values, not keys. I'm seeking a solution t...

I'm totally aware of the aberration of Magic Quotes in PHP, how it is evil and I avoid them like pest, but what are magic_quotes_runtime? From php.ini: Magic quotes for runtime-generated data, ...

I'm writing a set of PHP scripts that'll be run in some different setups, some of them shared hosting with magic quotes on (the horror). Without the ability to control PHP or Apache configuration, ...

I'm writing a app that needs to be portable. I know I should disable magic quotes on the PHP configuration but in this case I don't know if I can do that, so I'm using the following code: if (get_...