Magic Quotes - Concept

Concept

The current revision of the PHP manual mentions that the rationale behind magic quotes was to "help code written by beginners from being dangerous." However, the feature was originally introduced in PHP 2 as a php.h compile-time setting for msql that escaped only single quotes, "making it easier to pass form data directly to msql queries". It was originally intended as a "convenience feature, not as security feature."

The scope of magic quotes was expanded in PHP 3: single quotes, double quotes, backslashes and null characters in all user-supplied data have a backslash prepended to them before the data is passed to the script in the $_GET, $_REQUEST, $_POST and $_COOKIE global variables. Developers can then, in theory, use string concatenation to construct safe SQL queries with data provided by the user. (This was most accurate when PHP 2 and PHP 3 were current, since the primary supported databases allowed only 1-byte character sets.)
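The parenthetical about 1-byte character sets can be checked at the byte level. The following is an added example, not PHP's own code: a Python model of the escaping described above, with hypothetical function names, a constructed sample input, and GBK assumed as a representative multi-byte character set. It counts the single quotes that a database would still see unescaped after decoding the escaped bytes in a given character set.

```python
# Bytes that receive a backslash prefix: ' " \ NUL (as listed in the text above).
ESCAPED_BYTES = (0x27, 0x22, 0x5C, 0x00)
BACKSLASH = 0x5C


def magic_quote(raw: bytes) -> bytes:
    # Byte-wise escaping: the routine has no notion of character sets.
    out = bytearray()
    for b in raw:
        if b in ESCAPED_BYTES:
            out.append(BACKSLASH)
        out.append(b)
    return bytes(out)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    # Decode the way a database configured for `charset` would, then count
    # single quotes that are not preceded by an escaping backslash.
    text = escaped.decode(charset)
    count = 0
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # the backslash consumes the character it escapes
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count


# Constructed inputs: a plain ASCII name, and a stray high byte before a quote.
ASCII_INPUT = b"O'Reilly"
HIGH_BYTE_INPUT = b"\xbf'"

if __name__ == "__main__":
    for sample in (ASCII_INPUT, HIGH_BYTE_INPUT):
        escaped = magic_quote(sample)
        for charset in ("latin-1", "gbk"):
            print(sample, escaped, charset, unescaped_quotes(escaped, charset))
```

Under a 1-byte character set every quote stays escaped, but under GBK the inserted backslash (0x5C) is absorbed as the second byte of a two-byte character, so the quote that follows is no longer escaped. Bound query parameters avoid this dependency on the database's character set.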
