A.8. magic_quotes_gpcThe magic_quotes_gpc directive is a popular directive meant to prevent SQL injection. It is a flawed approach for a number of reasons, including the fact that it escapes input. It escapes all data in $_GET, $_POST, and $_COOKIE using the same rules as the addslashes( ) function. Thus, it does not use an escaping function native to your database. You should always disable get_magic_quotes_gpc for two primary reasons:
|