1.2.458. Filter To add_slashes()
FILTER_SANITIZE_MAGIC_QUOTES is deprecated. In PHP 7.4, it should be replaced with addslashes().
According to the migration RFC: ‘Magic quotes were deprecated all the way back in PHP 5.3 and later removed in PHP 5.4. The filter extension implements a sanitization filter that mimics this behavior of magic_quotes by calling addslashes() on the input in question.’ addslashes() used to be applied to data while building SQL queries, to prevent injections. Nowadays, prepared queries are a better option.
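<?php
$input = "O'Reilly"; // constructed sample value
// Deprecated way to filter input (deprecated as of PHP 7.4)
// filter_var() filters a variable; filter_input() expects an input type and a variable name
$var = filter_var($input, FILTER_SANITIZE_MAGIC_QUOTES);
// Alternative way to filter input
$var = addslashes($input);
?>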
See also Deprecations for PHP 7.4.
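The following added example (not part of the Exakat documentation) shows why prepared queries are the better option: addslashes() produces backslash escapes, which not every database understands, while a bound parameter stores the value unchanged. It assumes the pdo_sqlite extension is loaded; the table, column and function names are hypothetical.

```php
<?php
// Added example, not code from Exakat or from the PHP RFC.
// Assumption: pdo_sqlite is available. Names below are made up for illustration.
declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE authors (name TEXT NOT NULL)');
    return $db;
}

// Legacy pattern: escape with addslashes() and concatenate into the SQL text.
function insertWithAddslashes(PDO $db, string $name): bool
{
    $sql = "INSERT INTO authors (name) VALUES ('" . addslashes($name) . "')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        // SQLite escapes a quote by doubling it and ignores backslashes,
        // so the literal built above is malformed for this database.
        return false;
    }
}

// Prepared query: the value travels as a bound parameter, never as SQL text.
function insertPrepared(PDO $db, string $name): bool
{
    $stmt = $db->prepare('INSERT INTO authors (name) VALUES (:name)');
    return $stmt->execute([':name' => $name]);
}

$db   = makeDb();
$name = "O'Reilly"; // constructed sample input

var_dump(insertWithAddslashes($db, $name)); // legacy escaping
var_dump(insertPrepared($db, $name));       // bound parameter
// Compare what was stored with what was submitted.
var_dump($db->query('SELECT name FROM authors')->fetchColumn() === $name);
```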
1.2.458.1. Suggestions
Replace FILTER_SANITIZE_MAGIC_QUOTES with addslashes()
Replace FILTER_SANITIZE_MAGIC_QUOTES with an adapted escaping system
1.2.458.2. Specs
Short name | Php/FilterToAddSlashes
Rulesets |
Exakat since | 1.9.9
PHP Version | All
Severity | Minor
Time To Fix | Quick (30 mins)
Precision | High
Available in |