[wp-hackers] Magic quotes "on" forever?

Otto otto at ottodestruct.com
Wed May 5 18:09:42 UTC 2010


On Wed, May 5, 2010 at 12:59 PM, Olivier <autremonde75 at gmail.com> wrote:
> This piece of code makes me think if I understand it well that, in the
> end, quotes are applied to all datas to make things consistant accross
> hosts whatever the magic quotes setting is.
>
> Can you please confirm that my understanding is right and so based on
> that, I have to stripslashes_deep again all datas (without testing the
> get_magic_quotes_gpc as quotes are always applied) before manipulation
> (and then obviously use the prepare before DB insertion to escape
> again the quotes)?

You are basically correct, yes. For consistency, all those are magic
quoted regardless of whatever setting was used anywhere.

You can do a stripslashes_deep on the whole $_POST or whatever you
need to dequote the whole thing and every subarray in it, if you need
to do so.

-Otto


More information about the wp-hackers mailing list