Simon Willison’s Weblog

In what circumstances should one use “magic quotes” in PHP?

My answer to In what circumstances should one use “magic quotes” in PHP? on Quora

Absolutely never. Magic quotes was a badly designed feature, and PHP has been trying to escape its legacy for years. If you are constructing SQL strings using string concatenation you’re asking for trouble—use prepared statements or a library that interpolates and correctly escapes variables for you.
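An added example, not from the original post: it contrasts the escaping magic quotes applied (the equivalent of PHP's `addslashes()` on every request value) with a PDO prepared statement. It assumes the `pdo_sqlite` extension is available; the table, the `$name` value and the in-memory database are constructed for illustration.

```php
<?php
// Added illustration; schema and input are constructed, not from the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

$name = "O'Brien";              // constructed sample of ordinary user input

// Magic quotes blindly backslash-escaped quotes in GET/POST/cookie values,
// with no knowledge of which database (or none) the value was headed for.
$magicQuoted = addslashes($name);

// 1. String concatenation relying on that escaping. SQLite escapes a quote
//    by doubling it, not with a backslash, so the statement no longer parses.
try {
    $pdo->exec("INSERT INTO authors (name) VALUES ('" . $magicQuoted . "')");
    echo "concatenated insert: accepted\n";
} catch (PDOException $e) {
    echo "concatenated insert: rejected (" . $e->getMessage() . ")\n";
}

// 2. Prepared statement with the raw value. The SQL text is fixed and the
//    value travels separately as a bound parameter, so no escaping is needed.
$insert = $pdo->prepare('INSERT INTO authors (name) VALUES (:name)');
$insert->execute([':name' => $name]);

// 3. Prepared statement fed an already magic-quoted value. The query is
//    safe, but the stray backslash is now stored as part of the data, which
//    is why applications had to undo magic quotes before using any input.
$insert->execute([':name' => $magicQuoted]);

// Show what actually reached the table.
$rows = $pdo->query('SELECT id, name FROM authors ORDER BY id')
            ->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    printf("row %d: %s (%d bytes)\n", $row['id'], $row['name'], strlen($row['name']));
}

// Defensive check: flag stored values that differ from the original input.
foreach ($rows as $row) {
    if ($row['name'] !== $name) {
        echo "row {$row['id']} was altered by input-time escaping\n";
    }
}
```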