
Simon Willison’s Weblog

Magic quotes solution

Pink Goblin (otherwise known as HarryF) explains why magic quotes are evil. This is an issue that every PHP developer should be aware of, as it can cause all kinds of problems in your scripts if you ignore it. He suggests using a custom myAddSlashes() function which only calls addslashes() if magic quotes are turned off. I have an alternative solution—choose your preferred setting (quotes on or off) and apply it at run time to all incoming data in one go. My code for doing this is available here. By a bizarre coincidence I wrote the script this morning, then spotted a link to the Pink Goblin article on tidak ada literally five minutes after finishing it.

This is Magic quotes solution by Simon Willison, posted on 16th August 2002.
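One way to apply a single setting to all incoming data at run time, as the post describes. This is an added example, not the script linked from the post: the function names are hypothetical, it normalises to "quotes off", and the sample data and table are constructed.

```php
<?php
// Added example: normalise request data to "magic quotes off" in one pass.
// undo_magic_quotes(), magic_quotes_active() and normalise_input() are
// hypothetical names chosen for this illustration.

// Recursively strip the slashes magic quotes added. Form fields such as
// name="tags[]" arrive as nested arrays, so a flat loop is not enough.
// Values only; array keys are left untouched in this example.
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// True only on runtimes that still have magic_quotes_gpc and have it enabled.
// get_magic_quotes_gpc() was removed in PHP 8.0, hence the function_exists()
// guard; the @ silences the PHP 7.4 deprecation notice.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Call once, before any other code reads the request.
function normalise_input()
{
    if (!magic_quotes_active()) {
        return; // data is already raw, stripping again would corrupt it
    }
    $_GET     = undo_magic_quotes($_GET);
    $_POST    = undo_magic_quotes($_POST);
    $_COOKIE  = undo_magic_quotes($_COOKIE);
    $_REQUEST = undo_magic_quotes($_REQUEST);
}

normalise_input();

// Constructed sample: what magic quotes would have delivered for O'Reilly.
$sample = array('author' => "O\\'Reilly", 'tags' => array("it\\'s", 'php'));
$raw = undo_magic_quotes($sample);

// With raw data in hand, escape at the point of use via a bound parameter
// (in-memory SQLite through PDO, constructed table).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE books (author TEXT)');
$db->prepare('INSERT INTO books (author) VALUES (?)')->execute(array($raw['author']));
echo $db->query('SELECT author FROM books')->fetchColumn(), "\n";
```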


5 comments

  1. Thanks for the heads-up. I've always used the http://www.php.net/manual/en/function.mysql-escape-string.php mysql_escape_string function, but according to the user comments on the above page, that function has the same issue.

    Adrian - 16th August 2002 13:39 - #

  2. Whoop...Didn't know links weren't allowed. Simon, you might consider putting a little message on the comment submission form that explains which tags, if any, are cut or converted from comment posts.

    Adrian - 16th August 2002 13:41 - #

  3. Good point - the comments system here is shamefully primitive I'm afraid. I've been meaning to improve it for a while, but with a new blog on the way upgrading this one isn't such a priority. I'll add a warning message and drop in a regular expression to make URLs clickable now though.

    Simon - 16th August 2002 13:57 - #

  4. Cool. Can't wait to see the new blog.

    Adrian - 16th August 2002 14:58 - #

  5. sSsQSqs

    qsS - 10th September 2003 21:37 - #

Comments are closed.

Previously hosted at http://simon.incutio.com/archive/2002/08/16/magicQuotesSolution
