===== Request for Comments: Magical Quotes in PHP =====
  * Version: 1.0
  * Date: April 15, 2008
  * Last updated: April 16, 2008
  * Author: Philip Olson <philip@roshambo.org>
  * Status: Accepted
  * Note: //This RFC is about PHP 6.0 (our old HEAD/Trunk) and NOT PHP 5.4//
  * First Published at: http://wiki.php.net/rfc/magicquotes
  * Followed up by: [[rfc/magicquotes_finale]] for PHP 5.4

===== Introduction =====

This has been discussed a few times, with mixed results, so here is a proposal that deals with Magical Quotes starting with PHP 5.3.0. The purpose of this RFC is to safely deprecate the use of magical quotes as of PHP 5.3.0, and remove as of PHP 6.0.0. 

===== Common Misconceptions =====

All here agree that magic quotes is not the best solution to any problem, and that people should stop using them.  However, people use them. And other people simply leave them on. And even others check for them.

===== Getting versus Setting =====

A key distinction exists between getting and setting magic quotes. The getting should remain as okay, whereas the setting should be deprecated, yelled at, and removed. This is an important distinction to realize when evaluating this topic.

===== Getting remains =====

So when speaking of E_DEPRECATED and the removal of magic quotes, we speak of the setting and not the getting of said setting. So to be clear, the following code should work in PHP 6 by emitting zero errors:

<code php>
<?php 
    get_magic_quotes_gpc();     // returns false
    get_magic_quotes_runtime(); // returns false
?>
</code>

===== Setting is removed =====

The following code is to emit an E_DEPRECATED error as of PHP 5.3.0, and the function removed (fatal error) as of PHP 6.0.0:

<code php>
<?php 
    set_magic_quotes_runtime(); // bad
?>
</code>

Also, as currently done, setting magic quotes via the directive (like in php.ini) to //on// should produce a fatal error in PHP 6, but continue to do nothing if set to //off//. In PHP 5.3 this is to produce an //E_DEPRECATED// when set to //on//, but do nothing when setting to //off//.

===== Required changes from today =====

  * Remove E_DEPRECATED warnings from the 5.3 branch for get_*
  * Restore get_* functions to PHP 6, and return false

===== Why do this? =====

Because programmers enjoy writing portable version friendly code, and have done so for many years both past, present, and future. The idea presented in this RFC is the original decision[1], and as such is still mentioned in NEWS[2] today.

===== Questions =====

The main concern with this RFC is how we default magic_quotes_gpc to On in PHP 5.2 but suddenly set it to off with an E_DEPRECATED error in PHP 5.3. If this remains then an extremely strong education effort must be executed.

===== References =====

  * [1] http://marc.info/?t=114170222600003&r=1&w=2
  * [2] http://php.net/php6news