Concept
The current revision of the PHP manual mentions that the rationale behind magic quotes was to "help code written by beginners from being dangerous." It was however originally introduced in PHP 2 as a php.h compile-time setting for msql, only escaping single quotes, "making it easier to pass form data directly to msql queries". It originally was intended as a "convenience feature, not as security feature."
The scope of magic quotes was expanded in PHP 3. Single quotes, double quotes, backslashes and null characters in all user-supplied data have a backslash prepended to them before being passed to the script in the $_GET, $_REQUEST, $_POST and $_COOKIE global variables. Developers can then, in theory, use string concatenation to construct safe SQL queries with data provided by the user. (This was most accurate when PHP 2 and PHP 3 were current, since the primary supported databases allowed only 1-byte character sets.)
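The 1-byte caveat above can be checked directly. The following is an added example, not code from PHP or the manual: it emulates the described escaping on raw bytes in Python and tests whether each quote is still escaped once the bytes are decoded in the database's character set. The function names, the sample inputs and the choice of latin-1 and GBK as stand-in charsets are assumptions made for illustration.

```python
# Added example: byte-level emulation of the escaping described above.
BACKSLASH = 0x5C
ESCAPED = {0x27, 0x22, 0x5C, 0x00}  # ' " \ NUL


def magic_quote(raw: bytes) -> bytes:
    """Prepend a backslash to each listed byte, as the text describes."""
    out = bytearray()
    for b in raw:
        if b in ESCAPED:
            out.append(BACKSLASH)
        out.append(b)
    return bytes(out)


def all_quotes_escaped(text: str) -> bool:
    """True if every ' or " is preceded by an odd run of backslashes."""
    run = 0
    for ch in text:
        if ch == "\\":
            run += 1
            continue
        if ch in "'\"" and run % 2 == 0:
            return False
        run = 0
    return True


def survives(raw: bytes, charset: str) -> bool:
    """Escape the bytes, then decode them the way the database would."""
    return all_quotes_escaped(magic_quote(raw).decode(charset))


# Constructed inputs: an ordinary name, and a quote preceded by a byte
# that GBK treats as the first half of a two-byte character.
PLAIN = b"O'Reilly"
LEAD_BYTE = b"\xbf'"

if __name__ == "__main__":
    for raw in (PLAIN, LEAD_BYTE):
        for charset in ("latin-1", "gbk"):
            state = "escaped" if survives(raw, charset) else "NOT escaped"
            print(raw, charset, state)
```

In a 1-byte charset the inserted backslash always remains a separate character, but in GBK it is absorbed as the second byte of a two-byte character and the quote is left bare. Parameterized queries avoid the problem because the data is never spliced into the SQL text.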