What are magic quotes runtime in PHP?

AlexV picture AlexV · Jan 22, 2010 · Viewed 7.6k times · Source

I'm totally aware of the aberration of Magic Quotes in PHP, how it is evil and I avoid them like pest, but what are magic_quotes_runtime? From php.ini:

Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.

Is is something I should check if ON and turn OFF with:

set_magic_quotes_runtime(false);

Is it often ON by default? I know it's deprecated in 5.3.0 and removed in 6.0.0 but since my script support 5.1.0+ I would like to know how to handle this in "legacy" PHP (if it's relevant).

Edit: To make things clear I want to exit('Turn OFF Magic Quotes'); when Magic quotes are ON. I'm not relying on them!

Answer

mck89 picture mck89 · Jan 22, 2010

If magic_quotes_runtime is enabled, most functions that return data from any sort of external source including databases and text files will have quotes escaped with a backslash. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash.

http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime