PHP: magic_quotes_gpc
-
20-06-2021 - |
Question
According to the PHP manual:
Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically.
But does this also apply for $_REQUEST variables?
Solution
Yes it does since $_REQUEST
is derived from content stored in $_GET
, $_POST
and $_COOKIE
. However as I am sure you already noticed relying on magic_quotes
in any way is considered bad practice which is why it was ultimately removed as of PHP 5.4.
OTHER TIPS
The $_REQUEST variables are the same as the GPC variables.
Remember that magic_quotes_gpc has been removed from PHP as of version 5.4. It's recommended that you do not rely on its presence and do not use it for new projects.
Yes, but you shouldn't be using magic quotes.
Read http://uk.php.net/manual/en/security.magicquotes.whynot.php before you go any further.
Yes, magic_quotes_gpc
affect $_GET. $_POST, $_COOKIE, $_REQEUST.
FYI: use of magic quotes it's evil and deprecated. Check the official PHP page on how to disable magic_quotes_gpc runtime using a workaround.