By default, PHP 4.x and 5.x will attempt to "sanitize" user input by escaping characters such as single quote, double quote, and backslash. This was done in an attempt to prevent SQL injection and similar attacks. However, this can cause unexpected results in many cases.
$itemDescription = $_POST['itemDescription'];
In this case, by default, PHP 4.x and PHP 5.x will apply the "magic_quotes" escaping function to variables in the $_POST array. Thus, if the item description entered was:
Don't do this!
then $itemDescription would contain:
Don\'t do this!
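The relevant php.ini settings:
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
In an Apache .htaccess file (mod_php):
php_flag magic_quotes_gpc off
In a PHP script:
// Note: magic_quotes_gpc cannot be changed with ini_set(); GET/POST/Cookie data is already escaped before the script runs.
ini_set('magic_quotes_gpc', false);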
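Because magic_quotes_gpc is applied before a script starts, code that cannot change the server configuration has to undo the escaping itself and rely on bound parameters for SQL safety. The following is an added example, not code from the original page; the helper names undo_magic_quotes() and magic_quotes_active(), the sample input, and the in-memory SQLite table (which assumes the pdo_sqlite extension) are constructed for illustration.

```php
<?php
// Added example, not from the original page. undo_magic_quotes() and
// magic_quotes_active() are hypothetical helper names.

// True only on PHP builds that still apply magic_quotes_gpc.
// get_magic_quotes_gpc() was removed in PHP 8.0, hence the function_exists() guard.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Recursively strip the escaping that magic_quotes_gpc added to a value.
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Constructed sample: the form field as PHP delivers it with magic_quotes_gpc = On.
$post = array('itemDescription' => "Don\\'t do this!");

// In a real request handler this would be:
//   $post = magic_quotes_active() ? undo_magic_quotes($_POST) : $_POST;
// Stripping unconditionally would corrupt input that was never escaped.
$itemDescription = undo_magic_quotes($post['itemDescription']);
echo $itemDescription, "\n";

// Store the original text with a bound parameter. The driver keeps data
// separate from the SQL statement, so no manual escaping is needed.
$db = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (description TEXT)');
$stmt = $db->prepare('INSERT INTO items (description) VALUES (?)');
$stmt->execute(array($itemDescription));

// The value read back is the text the user typed, without added backslashes.
echo $db->query('SELECT description FROM items')->fetchColumn(), "\n";
```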