Concept
The current revision of the PHP manual mentions that the rationale behind magic quotes was to "help code written by beginners from being dangerous." It was however originally introduced in PHP 2 as a php.h compile-time setting for msql, only escaping single quotes, "making it easier to pass form data directly to msql queries". It originally was intended as a "convenience feature, not as security feature."
The use scope for magic quotes was expanded in PHP 3. Single quotes, double quotes, backslashes and null characters in all user-supplied data all have a backslash prepended to them before being passed to the script in the $_GET, $_REQUEST, $_POST and $_COOKIE global variables. Developers can then in theory use string concatenation to construct safe SQL queries with data provided by the user. (This was most accurate when PHP 2 and PHP 3 were current, since the primary supported databases allowed only 1-byte character sets.)
Read more about this topic: Magic Quotes
Famous quotes containing the word concept:
“Behind the concept of woman’s strangeness is the idea that a woman may do anything: she is below society, not bound by its law, unpredictable; an attribute given to every member of the league of the unfortunate.”
—Christina Stead (1902–1983)
“the full analysis of the notions of saying something and understanding what one said inevitably involves a concept which, as I will show in detail, essentially corresponds to the Cartesian idea of thought.”
—Zeno Vendler (b. 1921)
“The new concept of the child as equal and the new integration of children into adult life has helped bring about a gradual but certain erosion of these boundaries that once separated the world of children from the word of adults, boundaries that allowed adults to treat children differently than they treated other adults because they understood that children are different.”
—Marie Winn (20th century)