Concept
The current revision of the PHP manual mentions that the rationale behind magic quotes was to "help code written by beginners from being dangerous." However, it was originally introduced in PHP 2 as a php.h compile-time setting for msql, escaping only single quotes, "making it easier to pass form data directly to msql queries". It was originally intended as a "convenience feature, not as security feature."
The scope of magic quotes was expanded in PHP 3. Single quotes, double quotes, backslashes and null characters in all user-supplied data have a backslash prepended to them before being passed to the script in the $_GET, $_REQUEST, $_POST and $_COOKIE global variables. Developers can then in theory use string concatenation to construct safe SQL queries with data provided by the user. (This was most accurate when PHP 2 and PHP 3 were current, since the primary supported databases allowed only 1-byte character sets.)
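As an added illustration (not code from the PHP manual or the PHP source), the following emulates the escaping described above using the built-in addslashes(). The helper name magic_quotes_emulate() is hypothetical and the sample values are constructed; the last step shows that the escaping works byte by byte, which is why the 1-byte character set caveat matters.

```php
<?php
// Added illustration: emulates what magic quotes did to request data.
// magic_quotes_emulate() is a hypothetical helper, not a PHP built-in.
function magic_quotes_emulate(array $input): array
{
    $out = [];
    foreach ($input as $key => $value) {
        // addslashes() escapes ', ", \ and NUL; nested arrays are walked
        // recursively so every scalar value gets the same treatment.
        $out[$key] = is_array($value)
            ? magic_quotes_emulate($value)
            : addslashes((string) $value);
    }
    return $out;
}

// Constructed sample data covering the four escaped characters.
$get = [
    'name'  => "O'Reilly",   // single quote
    'quote' => 'say "hi"',   // double quotes
    'path'  => 'C:\\temp',   // one backslash
    'nul'   => "a\0b",       // NUL byte (emitted as backslash + "0")
];

$escaped = magic_quotes_emulate($get);
foreach ($escaped as $key => $value) {
    printf("%-6s %s\n", $key, $value);
}

// The string-concatenation pattern the feature was meant to support.
// The table and column names are constructed for this example.
$sql = "SELECT * FROM users WHERE name = '" . $escaped['name'] . "'";
echo $sql, "\n";

// The escaping is byte-wise and knows nothing about character sets.
// In Shift_JIS, the bytes 0x95 0x5C form one character; the trailing
// byte is escaped as if it were a backslash, altering the data.
$sjis = "\x95\x5C";
printf("before: %s  after: %s\n", bin2hex($sjis), bin2hex(addslashes($sjis)));
```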