magic_quotes_gpc (boolean):

According to PHP’s document, magic_quotes_gpc sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ’ (single-quote), ” (double quote), (backslash) and NUL’s are escaped with a backslash automatically.

So if magic_quotes_gpc is on, probably the webpage outputs include lots of ” like link. How to remove the blackslash? A quick way to clean up magic quotes is to use:

stripslashes($_POST['text']);

However, here is a super way to clear all backslash Recursively which is from PHP documentation.

if (get_magic_quotes_gpc()) {
  function stripslashes_deep($value) {
    $value = is_array($value) ?
      array_map('stripslashes_deep', $value) :
      stripslashes($value);
    return $value;
  }
  $_POST = array_map('stripslashes_deep', $_POST);
  $_GET = array_map('stripslashes_deep', $_GET);
  $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
  $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}

By this way, if magic_quotes are on, all the HTTP request are checked to remove backslash(”) by using stripslashes() automatically before further steps.

Does the magic quotes is ‘On’ by default?

I check the php.ini:

; Default Value: On
; Development Value: Off
; Production Value: Off
; http://php.net/magic-quotes-gpc
magic_quotes_gpc = Off

It is ‘Off’ by default. So by default, there is no backslash(”) for all the above specialchars, I have to manually add by addslashes(), or escape by htmlspecialchars(), mysql_real_escape_string() etc.

get_magic_quotes_gpc

Wheather magic_quotes_gpc is available or not? we use get_magic_quotes_gpc()() to get the current configuration setting of magic_quotes_gpc. get_magic_quotes_gpc — Gets the current configuration setting of magic_quotes_gpc. In the above example (magic_quotes_gpc=Off), the get_magic_quotes_gpc() will return false.