Managing Magic Quotes

Built in to PHP is a handy feature referred to as Magic Quotes. Magic Quotes when enabled will automaticlly escape single and double quotation marks in the value of the retrieved variables.

If Magic Quotes is enabled on your server, you can undo its effect sing the stripslashs() function.

$var = stripslashs($var);

This function remove any blackslashes found in $var.

In PHP there are two main types of Magic Quotes: magic_quotes_gpc, which applies to form, URL and cokie data(gpc stand for get, post, cookies) and magic_quotes_runtime, which applies to data retried form external files ad databases.

PHP includes a third from of Magic Qutoes-magic_quotes_sybase- which has its own peculirities and less offen used.

To use Magic Quotes:

Open handle_form.php and add.

$name = stripslashes($name);
$comments = stripslashes($comments);

This function remove any blackslashes found in $var.

A double bacxkslashed (\\) will be turned into a single backslash by the stripslashes() function.

Opposite of the srtipslashs()function, addslashes()

When working with strings stemming from forms, its a good idea to use the trim() function, which removes exess white spaces from both ends of the value.
$name = trim($name);