get_magic_quotes_gpc

Description

Returns the current configuration setting of magic_quotes_gpc (0 for off, 1 for on).

Keep in mind that the setting magic_quotes_gpc will not work at runtime.

Example 1. get_magic_quotes_gpc() example <?php echo get_magic_quotes_gpc();         // 1 echo $_POST['lastname'];             // O\'reilly echo addslashes($_POST['lastname']); // O\\\'reilly if (!get_magic_quotes_gpc()) {     $lastname = addslashes($_POST['lastname']); } else {     $lastname = $_POST['lastname']; } echo $lastname; // O\'reilly $sql = "INSERT INTO lastnames (lastname) VALUES ('$lastname')"; ?>

In the interests of writing portable code (code that works in any environment), or, if you do not have access to change php.ini, you may wish to disable the effects of magic quotes on a per-script basis. This can be done in two ways, with a directive in a .htaccess file (php_value magic_quotes_gpc 0), or by adding the below code to the top of your scripts.

Example 2. Disabling magic quotes at runtime <?php if (get_magic_quotes_gpc()) {     function stripslashes_deep($value)     {         $value = is_array($value) ?                     array_map('stripslashes_deep', $value) :                     stripslashes($value);         return $value;     }     $_POST = array_map('stripslashes_deep', $_POST);     $_GET = array_map('stripslashes_deep', $_GET);     $_COOKIE = array_map('stripslashes_deep', $_COOKIE); } ?>

Magic-quotes was added to reduce code written by beginners from being dangerous. If you disable magic quotes, you must be very careful to protect yourself from SQL injection attacks.

See also addslashes(), stripslashes(), get_magic_quotes_runtime(), and ini_get().