Magic Quotes - Concept

Concept

The current revision of the PHP manual mentions that the rationale behind magic quotes was to "help code written by beginners from being dangerous." It was however originally introduced in PHP 2 as a php.h compile-time setting for msql, only escaping single quotes, "making it easier to pass form data directly to msql queries". It originally was intended as a "convenience feature, not as security feature."

The use scope for magic quotes was expanded in PHP 3. Single quotes, double quotes, backslashes and null characters in all user-supplied data all have a backslash prepended to them before being passed to the script in the $_GET, $_REQUEST, $_POST and $_COOKIE global variables. Developers can then in theory use string concatenation to construct safe SQL queries with data provided by the user. (This was most accurate when PHP 2 and PHP 3 were current, since the primary supported databases allowed only 1-byte character sets.)

Read more about this topic:  Magic Quotes

Famous quotes containing the word concept:

    Terror is as much a part of the concept of truth as runniness is of the concept of jam. We wouldn’t like jam if it didn’t, by its very nature, ooze. We wouldn’t like truth if it wasn’t sticky, if, from time to time, it didn’t ooze blood.
    Jean Baudrillard (b. 1929)

    To find the length of an object, we have to perform certain
    physical operations. The concept of length is therefore fixed when the operations by which length is measured are fixed: that is, the concept of length involves as much as and nothing more than the set of operations by which length is determined.
    Percy W. Bridgman (1882–1961)

    The two most far-reaching critical theories at the beginning of the latest phase of industrial society were those of Marx and Freud. Marx showed the moving powers and the conflicts in the social-historical process. Freud aimed at the critical uncovering of the inner conflicts. Both worked for the liberation of man, even though Marx’s concept was more comprehensive and less time-bound than Freud’s.
    Erich Fromm (1900–1980)