What are Magic quotes?
Written by Wikipedia
Thursday, 20 September 2007
Magic quotes is a controversial feature of the PHP scripting language, intended to help prevent inexperienced developers from writing code which is vulnerable to SQL injection attacks. This feature is officially deprecated as of PHP 5.3.0, and removed in PHP 6 due to security concerns[1].
Concept
The rationale behind magic quotes is to "help code written by beginners from being dangerous."[2] Single quotes, double quotes, backslashes and null characters in all user-supplied data all have a backslash prepended to them before being passed to the script in the
Criticism
Magic quotes are enabled by default in new installations of PHP, and since their operation is behind the scenes and not immediately obvious, developers may be unaware of their existence and the potential problems that they can introduce. The PHP documentation points out several pitfalls and recommends that, despite being enabled by default, they should be disabled.[3] Problems with magic quotes include:
In November 2005 the core PHP developers decided on account of these problems that the magic quotes feature would be removed from PHP 6.[7]
Other approaches
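As an added illustration (not part of the original article), the following PHP sketch uses addslashes() to stand in for the escaping of single quotes, double quotes, backslashes and null characters described under Concept, and contrasts it with a bound query parameter. The sample input, the table name and the in-memory SQLite database (which needs the pdo_sqlite extension) are constructed for this example.

```php
<?php
// Constructed sample input: contains a single quote, double quotes
// and a backslash, three of the four characters magic quotes escaped.
$input = "O'Reilly \"Books\" C:\\tmp";

// Stand-in for the automatic escaping: addslashes() prepends a
// backslash to ' " \ and NUL. (Hypothetical helper name.)
function emulate_magic_quotes(string $value): string
{
    return addslashes($value);
}

$quoted = emulate_magic_quotes($input);
echo "raw input      : {$input}\n";
echo "after escaping : {$quoted}\n";

// The escaped form is applied to ALL input, so the stray backslashes
// also reach contexts that are not SQL at all, such as HTML output.
echo "echoed as HTML : " . htmlspecialchars($quoted, ENT_QUOTES) . "\n";

// A script that escapes on its own, unaware that the input was already
// escaped behind the scenes, ends up with doubled backslashes.
echo "escaped twice  : " . addslashes($quoted) . "\n";

// Alternative: pass the untouched value as a bound parameter. The
// driver keeps data separate from the SQL text, so no manual
// escaping is needed and the stored value is unchanged.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (name TEXT)');

$stmt = $db->prepare('INSERT INTO authors (name) VALUES (:name)');
$stmt->execute([':name' => $input]);

$stored = $db->query('SELECT name FROM authors')->fetchColumn();
echo "stored via bind: {$stored}\n";
echo "round-trips    : " . ($stored === $input ? 'yes' : 'no') . "\n";
```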
References
External links