Can you explain exactly what all of the code below does. Thanks if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; PHP:
get_magic_quotes_gpc returns true or false depending on one setting in php configuration if it is true it means that php is set to automatically 'escape' some characters when receiving data for example you have textarea with value: and this data is submitted (get/post - does not matter) when php receives the data it will automatically convert it to: if the setting was 'false' then php will not change input data (this was the first line of the code) so what the code actually does: checks what is the value of that setting (magic_quotes_gpc is its name) if it is false then the if statement will look like this: if(!false) { PHP: which is exual to : if(true) { PHP: so, in this case php will go into the code after if statement addslashes is php function which does the same 'escaping', I mentioner earlier. the difference is that you can use it on some specific data, and call it just when you need it to get more details into what addslashes works: http://php.net/addslashes so, the code checks if the php has already escaped $_POST['username'], and if it is not, it escape it manually the last part is just assigning escaped $_POST['username'] value to some variable now why would one want to do such escaping one of the reasons is mentioned on manual page for addslashes PHP manual is one of best manuals I have used, read it
Magic is not a good thing when it comes to programming, avoid it. Theres a good reason why things like magic quotes and register globals will be removed from PHP6 completely.