As we know, the magic quotes in PHP is already deprecated, this is done

Question

0

Asked: May 15, 20262026-05-15T23:22:00+00:00 2026-05-15T23:22:00+00:00

As we know, the magic quotes in PHP is already deprecated, this is done

0

As we know, the magic quotes in PHP is already deprecated, this is done to discourage relying on this feature for preventing SQL Injection and to encourage developers to develop database specific escaping mechanisms.[Source: php.net] Is this really neccessary?

If Yes,

Why? Why can’t we just use functions like mysql_real_escape_string(), addslashes() and stripslashes() to achieve the same thing instead of developing a different escaping mechanisms?

An answer with example will be appreciated. Thanks

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-15T23:22:01+00:00

Editorial Team

2026-05-15T23:22:01+00:00Added an answer on May 15, 2026 at 11:22 pm

mysql_real_escape_string() already is a database specific escaping mechanism 🙂

If you are choosing a database layer for a new project, be sure to take a look at PDO whose prepared statements will automatically take care of any necessary escaping.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

As we know, the magic quotes in PHP is already deprecated, this is done

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply