• Version: 1.0
• Date: April 15, 2008
• Author: Philip Olson philip@roshambo.org
• Status: Under Discussion
• First Published at: http://wiki.php.net/rfc/magicquotes

This has been discussed a few times, with mixed results, so here is a proposal that deals with Magical Quotes starting with PHP 5.3.0. The purpose of this RFC is to safely deprecate the use of magical quotes as of PHP 5.3.0, and remove as of PHP 6.0.0.

All here agree that magic quotes is not the best solution to any problem, and that people should stop using them. However, people use them. And other people simply leave them on. And even others check for them.

A key distinction exists between getting and setting magic quotes. The getting should remain as okay, whereas the setting should be deprecated, yelled at, and removed. This is an important distinction to realize when evaluating this topic.

So when speaking of E_DEPRECATED and the removal of magic quotes, we speak of the setting and not the getting of said setting. So to be clear, the following code should work in PHP 6 by emitting zero errors:

<?php 
    get_magic_quotes_gpc();     // returns false
    get_magic_quotes_runtime(); // returns false
?>

The following code is to emit an E_DEPRECATED error as of PHP 5.3.0, and the function removed (fatal error) as of PHP 6.0.0:

<?php 
    set_magic_quotes_runtime(); // bad
?>

• Remove E_DEPRECATED warnings from the 5.3 branch for get_*
• Restore get_* functions to PHP 6, and return false

Because programmers enjoy writing portable version friendly code, and have done so for many years both past, present, and future. The idea presented in this RFC is the original decision[1], and as such is still mentioned in NEWS[2] today.

• [1] http://marc.info/?t=114170222600003&r=1&w=2
• [2] http://php.net/php6news