PHPDeveloper.org: Arpad Ray's Blog: The adventure of PHP and the magic quotes

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Vermont Information Processing Seeks Senior/Lead PHP Developer (Burlington, VT)

Job Posting: Mediware Blood Center Technologies Seeks PHP Software Developer (Jacksonville, FL)

PHP Zone: Can Learning Drupal Get You a Job?

Job Posting: Tilllate Media Seeks Senior PHP Developer (Glasgow, UK)

Job Posting: Agency Matrix Seeks Senior Application Developer (Addison, TX)

Job Posting: HUGE Seeks Freelance Zend/WordPress Developer (Brooklyn, NY)

Job Posting: Abbott Laboratories Seeks PHP Developer (Irving, TX)

Job Posting: BetFair Seeks Lead Software Engineer (Web)

Job Posting: Uplifting Innovations Seeks Lead PHP Developer (Portland, OR)

Job Posting: Ganz Seeks PHP Developer (Toronto, Ontario)

News Archive

Community News: Symfony-Check.org (A Symfony Deployment Checklist)

Matt Williams' Blog: High level search with PHP and Apache Solr

Brian Swan's Blog: Retrieving Data with the OData SDK for PHP

Brandon Savage's Blog: The 15 Minute Rule Of Software Development

PHPBuilder.com: Create Custom Google Analytics Interfaces Using PHP

NETTUTS.com: Image Resizing Made Easy with PHP

Site News: Popular Posts for the Week of 03.19.2010

Symfony Blog: Running a TV station with symfony

Eli White's Blog: Conferences, Speakers & Presentations

Ibuildings techPortal: Zend Studio formatted for Zend Framework and ATK

Arpad Ray's Blog:
The adventure of PHP and the magic quotes

by Chris Cornutt December 17, 2008 @ 12:03:07

One of the things that's been hanging around PHP's neck since its early days is the magic_quotes setting that was introduces to try to make things easier. In this interesting post Arpad Ray takes a look at this setting and why its a bad thing for PHP to have around.

Like register_globals, it helped lower the barrier of entry to building a dynamic website by removing some of the complexity. However it certainly wasn't without sacrifice, problems with the implementation quickly appeared and continued to abound for the next ten years. Finally in PHP 5.2.2 we got an implementation which (as far as its intentions went) seemed to be bug free, but of course by then it was turned off by default and was already slated to be dropped in PHP 6.

He looks at a few reasons they're bad (not good enough for escaping, inconsistent, performance issues) and some methods - code snippets - on how to deal with it being turned on on your server.

2 comments voice your opinion now!
adventure magic quotes bad php5 php6 fix

by Ivo - 12.17.2008 @ 15:48:59

This post is from september, Enygma should check is feed reader :)

Indeed an interesting post though!

is this spam? let us know!

by Chris Shiflett - 12.17.2008 @ 13:13:36

His blog has a bug. When you try to comment, it tells you that you must be logged in. So, I'm commenting here instead.

Hi Arpad,

Thanks for writing such a detailed, evidence-driven post. I wish there was more of this type of writing out there. :-)

One thing I would add to your list is the fact that magic quotes is an escaping solution. Escaping input provides a unique set of challenges, because it's an inappropriate design decision. Because data is not necessarily destined for exactly one context, it is only important to be sure input is valid. (Filter input.) Each context can then be handled as needed, typically when the data leaves PHP for another context. (Escape output.)

Magic quotes violates this simple tenet, and in my opinion, this is the root cause of most of the problems related to using it.

is this spam? let us know!

Similar Posts

Wolfgang Drews' Blog: Curious about the new php5 certification?

Richard Lord's Blog: PHP 5.2 - Nesting level too deep - recursive dependency?

Gregory Szorc's Blog: So Many Untapped PHP Features

DevShed: Accessing Attributes and Cloning Nodes with the DOM XML Extension in PHP 5

Andrei Zmievski\'s Blog: PHP Developer\'s Meeting 2005

Community Events

Don't see your event here?
Let us know!

All content copyright, 2010 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework