Concept
The current revision of the PHP manual states that the rationale behind magic quotes was to "help code written by beginners from being dangerous." The feature was, however, originally introduced in PHP 2 as a php.h compile-time setting for msql that escaped only single quotes, "making it easier to pass form data directly to msql queries". It was originally intended as a "convenience feature, not as security feature."
The scope of magic quotes was expanded in PHP 3. Single quotes, double quotes, backslashes and null characters in all user-supplied data have a backslash prepended to them before being passed to the script in the $_GET, $_REQUEST, $_POST and $_COOKIE global variables. Developers can then, in theory, use string concatenation to construct safe SQL queries with data provided by the user. (This was most accurate when PHP 2 and PHP 3 were current, since the primary supported databases allowed only 1-byte character sets.)
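The following added example (not PHP's own code and not from the original page) emulates the byte-wise escaping rule described above in Python and shows why the 1-byte character set caveat matters. It goes beyond the text in two labelled assumptions: GBK stands in for a multibyte character set, and the database is assumed to use backslash-escape string syntax. The function names and sample inputs are constructed for illustration.

```python
# Emulation of the PHP 3 magic-quotes rule: a backslash is prepended to
# ' " \ and NUL. The rule works on bytes and knows nothing about charsets.
ESCAPED_BYTES = (0x27, 0x22, 0x5C, 0x00)

def magic_quote(raw: bytes) -> bytes:
    """Return raw with a backslash before each byte the rule names."""
    out = bytearray()
    for b in raw:
        if b in ESCAPED_BYTES:
            out.append(0x5C)
        out.append(b)
    return bytes(out)

def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes that a server decoding `escaped` in `charset`
    would treat as string terminators (assumption: backslash escapes)."""
    text = escaped.decode(charset)
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2              # the backslash consumes the next character
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count

# Constructed sample inputs.
ASCII_NAME = b"O'Reilly"   # plain 1-byte data
GBK_VALUE = b"\xbf'"       # 0xBF is a GBK lead byte, followed by a quote

if __name__ == "__main__":
    for label, raw, charset in (
        ("1-byte charset", ASCII_NAME, "latin-1"),
        ("same bytes read as latin-1", GBK_VALUE, "latin-1"),
        ("same bytes read as GBK", GBK_VALUE, "gbk"),
    ):
        escaped = magic_quote(raw)
        # In GBK the inserted 0x5C pairs with 0xBF to form one character,
        # so the quote that follows is no longer escaped.
        print(f"{label}: {escaped!r} -> {unescaped_quotes(escaped, charset)} bare quote(s)")
```

Byte-level escaping is only as sound as the agreement between the escaper and the database about the connection's character set; bound parameters (prepared statements) avoid the dependency entirely.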