[wp-hackers] Magic quotes "on" forever?

Olivier autremonde75 at gmail.com
Wed May 5 18:12:07 UTC 2010


Thanks Otto, you are definitely a WP master, what would we do without
your support? Thanks Sir!

On May 5, 8:09 pm, Otto <o... at ottodestruct.com> wrote:
> On Wed, May 5, 2010 at 12:59 PM, Olivier <autremond... at gmail.com> wrote:
> > This piece of code makes me think if I understand it well that, in the
> > end, quotes are applied to all datas to make things consistant accross
> > hosts whatever the magic quotes setting is.
>
> > Can you please confirm that my understanding is right and so based on
> > that, I have to stripslashes_deep again all datas (without testing the
> > get_magic_quotes_gpc as quotes are always applied) before manipulation
> > (and then obviously use the prepare before DB insertion to escape
> > again the quotes)?
>
> You are basically correct, yes. For consistency, all those are magic
> quoted regardless of whatever setting was used anywhere.
>
> You can do a stripslashes_deep on the whole $_POST or whatever you
> need to dequote the whole thing and every subarray in it, if you need
> to do so.
>
> -Otto
> _______________________________________________
> wp-hackers mailing list
> wp-hack... at lists.automattic.comhttp://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list