English
German

PHP Tutorial Example
Example
PHP Mail
PHP Libxml
PHP HTTP
PHP Filter
PHP Zip
PHP Directory
PHP Error
PHP SimpleXML
PHP Calendar
PHP Date
PHP Misc
PHP XML
PHP FTP
PHP Math
PHP MySQL
PHP Filesystem
PHP Array
PHP String

PHP Tutorial
PHP Introduction
PHP Installation
PHP Syntax
PHP Variables
PHP Echo
PHP Strings
PHP Operators
PHP Comments
PHP Include File
PHP Require
PHP If Statement
PHP If Else
PHP Elseif
PHP Switch
PHP Forms
PHP Functions
PHP Array
PHP While Loop
PHP For Loop
PHP For Each
PHP Do While
PHP POST and GET
PHP Magic Quotes
PHP htmlentities

PHP Files
PHP File
PHP File Create
PHP File Open
PHP File Close
PHP File Write
PHP File Read
PHP File Delete
PHP File Append
PHP File Truncate
PHP File Upload

PHP Strings
PHP strpos
PHP str replace
PHP substrreplace
PHP Capitalization
PHP explode
PHP implode

PHP Advanced
PHP Date
PHP Session
PHP Cookies
PHP Include
PHP Email
PHP Secure Email
PHP Error
PHP Exception
PHP Filter

PHP and AJAX
AJAX Intro
AJAX PHP
AJAX Database
AJAX XML
AJAX Live Search
AJAX RSS Reader
AJAX Poll

PHP XML
XML Expat Parser
XML DOM
XML SimpleXML

PHP Database
MySQL Introduction
MySQL Connect
MySQL Create
MySQL Insert
MySQL Select
MySQL Where
MySQL Order By
MySQL Update
MySQL Delete
PHP ODBC

PHP Misc
PHP connection aborted Function

PHP Magic Quotes

PHP Magic Quotes

Prior to PHP 6 there was a feature called magic quotes that was created to help protect newbie programmers from writing bad form processing code. Magic quotes would automatically escape risky form data that might be used for SQL Injection with a backslash.

However, this newbie protection proved to cause more problems than it solved and is not in PHP 6. If your PHP version is any version before 6 then you should use this lesson to learn more about how magic quotes can affect you.

Magic Quotes Are They Enabled

First things first, you need to check to see if you have magic quotes enabled on you server. The get_magic_quotes_gpc function will return a 0 (off) or a 1 (on). These boolean values will fit nicely into an if statement where 1 is true and 0 is false.

Example:
if(get_magic_quotes_gpc())

    echo "Magic quotes are enabled";

else

    echo "Magic quotes are disabled";

 
Output
Magic quotes are enabled

If you received the message "Magic quotes are enabled" then you should definitely continue reading this lesson, if not feel free to learn about it in case you are developing for servers that might have quotes on or off.

Magic Quotes in Action

Now lets make a simple form processor to show how machines with magic quotes enabled will escape those potentially risky characters. This form submits to itself, so you only need to make one file, "magic-quotes.php" to test it out.

Example:
<?php

echo "Altered Text: ".$_POST['question'];

?>



<form method='post'>

Question: <input type='text' name='question'/><br />

<input type='submit'>



</form>

 

Removing Backslashes stripslashes

Before you use PHP's backslash removal function stripslashes it's smart to add some magic quote checking like our "Are They Enabled?" section above. This way you won't accidentally be removing slashes that are legitimate in the future if your PHP's magic quotes setting changes in the future.

Example:
<?php

echo "Removed Slashes: ";

// Remove those slashes

if(get_magic_quotes_gpc())

    echo stripslashes($_POST['question']);

else

    echo $_POST['question'];

    

?>



<form method='post'>

Question: <input type='text' name='question'/><br />

<input type='submit'>



</form>

 
PHP Tutorial,PHP Magic Quotes, PHP Magic Quotes example, learn PHP Magic Quotes,explain example PHP Magic Quotes online free training PHP Tutorial, PHP Tutorial example, learn PHP Magic Quotes, online tutorial, download tutorial, PHP Tutorial books, PHP Tutorial videos, live videos PHP Tutorial, learn PHP Tutorial, PHP Tutorial topic PHP Magic Quotes, live training PHP Tutorial, download free tutorial