Comments on: WordPress and PHP magic quotes: you want to run me crazy!

By: Ryan

Ryan — Wed, 18 Jan 2012 15:48:41 +0000

THANK YOU! I thought I was going insane.

By: Stefano

Stefano — Sat, 30 Apr 2011 20:53:45 +0000

You are absolutely right!

By: Mark Barnes

Mark Barnes — Fri, 29 Apr 2011 15:12:13 +0000

This was driving me insane, too. Thanks for the post. Two corrections (presumably WordPress updates since you posted):

The magic is now done in wp-includes/load.php

$_REQUEST is created AFTER adding slashes, so is always escaped.

By: Peter

Peter — Sat, 08 Jan 2011 14:29:50 +0000

Very useful indeed. I had a theme that a really like but found it was adding slashes into a particular field. And it turned it was the the Magic Quotes function, so I added the strip slashes to the theme and it worked!

Sheesh. Something so simple, yet someone missed in creating the theme.

By: WordPress and Magic Quotes

WordPress and Magic Quotes — Mon, 30 Aug 2010 05:57:10 +0000

[...] is crazy, and based on a post called WordPress and PHP magic quotes: you want to run me crazy! by Stefano Lissa. I’m writing a plugin prototype for WordPress that uses the new Facebook [...]

By: Stefano

Stefano — Wed, 23 Jun 2010 05:16:40 +0000

I think wordpress guys decided to work this way to uniform the request format ove the so many php configuration worldwide.
From php 6 magic quotes Are deprecate as i know

By: John R

John R — Tue, 22 Jun 2010 20:19:45 +0000

Thanks for the article.

I’d been wandering around the Codex site wondering why the hell slashes were getting added to all of my request data when I always work without magic_quotes on.

I don’t even understand why this is happening – as even with adding slashes, SQL injection can still occur if the queries are not escaped with proper SQL escape functions.

All this can really lead to is bad programming practice for the newer plugin developers as they will see data ‘escaped’ automatically and assume that it’s OK.