Comments on: WordPress and PHP magic quotes: you want to run me crazy! http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy Release Candidate Fri, 03 Feb 2012 12:07:56 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Ryan http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy/comment-page-1#comment-43672 Ryan Wed, 18 Jan 2012 15:48:41 +0000 http://www.satollo.net/?p=350#comment-43672 THANK YOU! I thought I was going insane. THANK YOU! I thought I was going insane.

]]>
By: Stefano http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy/comment-page-1#comment-17537 Stefano Sat, 30 Apr 2011 20:53:45 +0000 http://www.satollo.net/?p=350#comment-17537 You are absolutely right! You are absolutely right!

]]>
By: Mark Barnes http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy/comment-page-1#comment-17448 Mark Barnes Fri, 29 Apr 2011 15:12:13 +0000 http://www.satollo.net/?p=350#comment-17448 This was driving me insane, too. Thanks for the post. Two corrections (presumably Wordpress updates since you posted): The magic is now done in wp-includes/load.php $_REQUEST is created AFTER adding slashes, so is always escaped. This was driving me insane, too. Thanks for the post. Two corrections (presumably WordPress updates since you posted):

The magic is now done in wp-includes/load.php

$_REQUEST is created AFTER adding slashes, so is always escaped.

]]>
By: Peter http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy/comment-page-1#comment-8650 Peter Sat, 08 Jan 2011 14:29:50 +0000 http://www.satollo.net/?p=350#comment-8650 Very useful indeed. I had a theme that a really like but found it was adding slashes into a particular field. And it turned it was the the Magic Quotes function, so I added the strip slashes to the theme and it worked! Sheesh. Something so simple, yet someone missed in creating the theme. Very useful indeed. I had a theme that a really like but found it was adding slashes into a particular field. And it turned it was the the Magic Quotes function, so I added the strip slashes to the theme and it worked!

Sheesh. Something so simple, yet someone missed in creating the theme.

]]>
By: WordPress and Magic Quotes http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy/comment-page-1#comment-3070 WordPress and Magic Quotes Mon, 30 Aug 2010 05:57:10 +0000 http://www.satollo.net/?p=350#comment-3070 [...] is crazy, and based on a post called WordPress and PHP magic quotes: you want to run me crazy! by Stefano Lissa. I’m writing a plugin prototype for WordPress that uses the new Facebook [...] [...] is crazy, and based on a post called WordPress and PHP magic quotes: you want to run me crazy! by Stefano Lissa. I’m writing a plugin prototype for WordPress that uses the new Facebook [...]

]]>
By: Stefano http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy/comment-page-1#comment-2401 Stefano Wed, 23 Jun 2010 05:16:40 +0000 http://www.satollo.net/?p=350#comment-2401 I think wordpress guys decided to work this way to uniform the request format ove the so many php configuration worldwide. From php 6 magic quotes Are deprecate as i know I think wordpress guys decided to work this way to uniform the request format ove the so many php configuration worldwide.
From php 6 magic quotes Are deprecate as i know

]]>
By: John R http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy/comment-page-1#comment-2397 John R Tue, 22 Jun 2010 20:19:45 +0000 http://www.satollo.net/?p=350#comment-2397 Thanks for the article. I'd been wandering around the Codex site wondering why the hell slashes were getting added to all of my request data when I always work without magic_quotes on. I don't even understand why this is happening - as even with adding slashes, SQL injection can still occur if the queries are not escaped with proper SQL escape functions. All this can really lead to is bad programming practice for the newer plugin developers as they will see data 'escaped' automatically and assume that it's OK. Thanks for the article.

I’d been wandering around the Codex site wondering why the hell slashes were getting added to all of my request data when I always work without magic_quotes on.

I don’t even understand why this is happening – as even with adding slashes, SQL injection can still occur if the queries are not escaped with proper SQL escape functions.

All this can really lead to is bad programming practice for the newer plugin developers as they will see data ‘escaped’ automatically and assume that it’s OK.

]]>