Wordpress - Wordpress and magic quotes

Simply put WP turns indeterminate situation (magic quotes might or might not be enabled in server configuration) into determinate (magic quotes are always present and server configuration does not matter).

Rather than messing with this for all WP core it makes much more sense to simply strip slashes in your code on your own variables, when you need that.


The current behavior in WordPress is best practice based on the compatibility of all PHP systems and configurations. WordPress has always normalized $_GET, $_POST, $_COOKIE, and $_SERVER to be slashed, and expect that it will continue to do so.

So, to extract a POST or a GET parameter we have to write:

$value = stripslashes_deep($_POST['name']); or

$value = stripslashes_deep($_GET['name']);

Tags:

Php

Plugins