I should be embarrassed about this, and I am. I religiously complain about magic quotes, but code keeps coming back to me from developers who insist on ripping out good controls on illegal or dangerous characters (see SQL injection for example) and relying on magic quotes.

This is an old problem. And, fortunately PHP6 deprecates this feature. But, it won't stop the thousands of lines of code that rely on them from causing you headaches. Beware of PHP6 sorta compliant code when this goes away. It should go away, and I'm happy, and I spend more time dealing with the badly written code using magic quotes or the badly configured server environments that enable it than I do code that requires magic quotes breaking. One is really annoying, the other is quite dangerous.

Posted in tech jasonn's blog