Comments on: WordPress and PHP magic quotes: you want to run me crazy! http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy Release Candidate Fri, 10 Sep 2010 19:38:48 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: WordPress and Magic Quotes http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy/comment-page-1#comment-3070 WordPress and Magic Quotes Mon, 30 Aug 2010 05:57:10 +0000 http://www.satollo.net/?p=350#comment-3070 [...] is crazy, and based on a post called WordPress and PHP magic quotes: you want to run me crazy! by Stefano Lissa. I’m writing a plugin prototype for WordPress that uses the new Facebook [...] [...] is crazy, and based on a post called WordPress and PHP magic quotes: you want to run me crazy! by Stefano Lissa. I’m writing a plugin prototype for WordPress that uses the new Facebook [...]

]]> By: Stefano http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy/comment-page-1#comment-2401 Stefano Wed, 23 Jun 2010 05:16:40 +0000 http://www.satollo.net/?p=350#comment-2401 I think wordpress guys decided to work this way to uniform the request format ove the so many php configuration worldwide. From php 6 magic quotes Are deprecate as i know I think wordpress guys decided to work this way to uniform the request format ove the so many php configuration worldwide.
From php 6 magic quotes Are deprecate as i know

]]> By: John R http://www.satollo.net/wordpress-and-php-magic-quotes-you-want-run-me-crazy/comment-page-1#comment-2397 John R Tue, 22 Jun 2010 20:19:45 +0000 http://www.satollo.net/?p=350#comment-2397 Thanks for the article. I'd been wandering around the Codex site wondering why the hell slashes were getting added to all of my request data when I always work without magic_quotes on. I don't even understand why this is happening - as even with adding slashes, SQL injection can still occur if the queries are not escaped with proper SQL escape functions. All this can really lead to is bad programming practice for the newer plugin developers as they will see data 'escaped' automatically and assume that it's OK. Thanks for the article.

I’d been wandering around the Codex site wondering why the hell slashes were getting added to all of my request data when I always work without magic_quotes on.

I don’t even understand why this is happening – as even with adding slashes, SQL injection can still occur if the queries are not escaped with proper SQL escape functions.

All this can really lead to is bad programming practice for the newer plugin developers as they will see data ‘escaped’ automatically and assume that it’s OK.

]]>