get_magic_quotes_gpc PHP Function & data filtering

get_magic_quotes_gpc()

There is a PHP feature or function called as magic quotes that was created to help protect newbie programmers from writing bad form processing code. Magic quotes will automatically escape risky form data that might be used for SQL Injection with a backslash \.

 

The characters escaped by PHP magic quotes includes : quote ‘, double quote “, backslash \ and NULL characters.

 

You need to check to see if you have magic quotes enabled on you server. The get_magic_quotes_gpc function will return a 0 (off) or a 1 (on).

 

[php]
<?php
/* function to insert the data in database safely */
function filter($str)
{
$str = trim($str);
if (!get_magic_quotes_gpc()) {
return addslashes($str);
} else {
return $str;
}
}
?>
[/php]

Get back data from database and remove the filter (to remove the slashes).

 

[php]
<?php
/* function to remove the slashes that was the added during the data insertion in database */
function remove_filter($str)
{
return stripcslashes($str);
}
?>
[/php]

In the later version of PHP 5.4 or later it will always returns FALSE because the magic quotes feature was removed.

 

We can get_magic_quotes_gpc will deprecated in later versions of PHP.