Hello I want to know why addslashes works automatically on the $_GET and $_POST values. For example if the url is url.com?value=Ruben's+website, it shows "Ruben\'s website" when I echo($_GET["value"]). Why it doesn't show "Ruben's website"? Thank you
I've tried both echo $_GET['value'] and echo($_GET['value']) on my host. Non of them returns escaped values, I'm getting normal value "Ruben's Website". Maybe you have web-server configured to automatically filter and escape query string data to prevent injections & etc...
You should have a look at magic quotes; http://php.net/manual/en/security.magicquotes.php You can disable it using the advice in the above links and you should also note the big red message on that page too
This is due to your magic quotes are enabled from php.ini. You can disable it from php.ini file. or chk this link. http://php.net/manual/en/security.magicquotes.disabling.php
Its good to have that turned on in my opinion, cause you are prone to less or none of the sql injections.
What if your not using SQL...the added slashes can then potentially effect functionality?, which is why its suggested to be disabled so you can choose which to escape and which to not (via mysql_real_escape_string())