magic-quotes - w3toppers.com

How can I disable PHP magic quotes at runtime?

Only magic_quoted_runtime can be disabled at runtime. But magic_quotes_gpc can’t be disabled at runtime (PHP_INI_ALL changable until PHP 4.2.3, since then PHP_INI_PERDIR); you can only remove them: if (get_magic_quotes_gpc()) { $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); while (list($key, $val) = each($process)) { foreach ($val as $k => $v) { unset($process[$key][$k]); if (is_array($v)) { $process[$key][stripslashes($k)] = … Read more

Magic quotes in PHP

Magic quotes are inherently broken. They were meant to sanitize input to the PHP script, but without knowing how that input will be used it’s impossible to sanitize correctly. If anything, you’re better off checking if magic quotes are enabled, then calling stripslashes() on $_GET/$_POST/$_COOKIES/$_REQUEST, and then sanitizing your variables at the point where you’re … Read more