William Jiang

JavaScript,PHP,Node,Perl,LAMP Web Developer – http://williamjxj.com; https://github.com/williamjxj?tab=repositories

PHP: magic_quotes_gpc

magic_quotes_gpc (boolean):

According to PHP’s document, magic_quotes_gpc sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ‘ (single-quote), ” (double quote), \ (backslash) and NUL’s are escaped with a backslash automatically.

So if magic_quotes_gpc is on, probably the webpage outputs include lots of \” like <a href=\”mylink.htm\”>link</a>. How to remove the blackslash? A quick way to clean up magic quotes is to use:


However, here is a super way to clear all backslash Recursively which is from PHP documentation.

if (get_magic_quotes_gpc()) {
  function stripslashes_deep($value) {
    $value = is_array($value) ?
      array_map('stripslashes_deep', $value) :
    return $value;
  $_POST = array_map('stripslashes_deep', $_POST);
  $_GET = array_map('stripslashes_deep', $_GET);
  $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
  $_REQUEST = array_map('stripslashes_deep', $_REQUEST);

By this way, if magic_quotes are on, all the HTTP request are checked to remove backslash(‘\’) by using stripslashes() automatically before further steps.

Does the magic quotes is ‘On’ by default?

I check the php.ini:

; Default Value: On
; Development Value: Off
; Production Value: Off
; http://php.net/magic-quotes-gpc
magic_quotes_gpc = Off

It is ‘Off’ by default. So by default, there is no backslash(‘\’) for all the above specialchars, I have to manually add by addslashes(), or escape by htmlspecialchars(), mysql_real_escape_string() etc.


Wheather magic_quotes_gpc is available or not? we use get_magic_quotes_gpc()() to get the current configuration setting of magic_quotes_gpc.
get_magic_quotes_gpc — Gets the current configuration setting of magic_quotes_gpc.
In the above example (magic_quotes_gpc=Off), the get_magic_quotes_gpc() will return false.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: