Simon Willison’s Weblog

Subscribe

In what circumstances should one use “magic quotes” in PHP?

25th August 2010

My answer to In what circumstances should one use “magic quotes” in PHP? on Quora

Absolutely never. Magic quotes was a badly designed feature, and PHP has been trying to escape its legacy for years. If you are constructing SQL strings using string concatenation you’re asking for trouble—use prepared statements or a library that interpolates and correctly escapes variables for you.

Posted 25th August 2010 at 3:05 pm · Follow me on Mastodon, Bluesky, Twitter or subscribe to my newsletter

More recent articles

This is In what circumstances should one use “magic quotes” in PHP? by Simon Willison, posted on 25th August 2010.

Next: What is the best way to learn about setting up server software for Python based web apps?

Previous: Why do some people disable JavaScript in their browser?

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe