Home/ Questions/Q 747597
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T14:13:25+00:00

If I have magic_quotes switched on and I use mysql_real_escape_string , will the string

  • 0

If I have magic_quotes switched on and I use mysql_real_escape_string, will the string be double escaped? Will it cause problems?

I assume so based on the get_magic_quotes() function but just seeking confirmation.

(P.S. It’s easier to ask this question than test it in my office with all the security we have in place – It takes me 10-15 to configure everything to get a usable environment)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you escape a value obtained from get/post/cookie input, it will already have addslashes() applied to it, so passing it through mysql_real_escape_string() will in fact, double quote.

    To strip em:

    if (get_magic_quotes_gpc())
{
    $_GET = json_decode(stripslashes(json_encode($_GET, JSON_HEX_APOS)), true);
    $_POST = json_decode(stripslashes(json_encode($_POST, JSON_HEX_APOS)), true);
    $_COOKIE = json_decode(stripslashes(json_encode($_COOKIE, JSON_HEX_APOS)), true);
    $_REQUEST = json_decode(stripslashes(json_encode($_REQUEST, JSON_HEX_APOS)), true);
    ini_set('magic_quotes_gpc', 0);
}

    This question has some other options for stripping quotes / dealing with the horrible magic_quotes_gpc PHP ‘feature’.

    • 0