PhpSecInfo Test Information
Determines if magic_quotes_gpc is enabled.
The magic quotes option was introduced to help protect developers from SQL injection attacks. It effectively executes addslashes() on all information received over GET, POST or COOKIE. Unfortunately this protection isn't perfect: there are a series of other characters that databases interpret as special not covered by this function. In addition, data not sent direct to databases must un-escaped before it can be used.
Because it's inconsistent and ineffective, it's not recommended that magic_quotes_gpc be enabled. Rely on input filtering done by your scripts.
You can disable magic_quotes_gpc in the php.ini file:
; Disable magic_quotes_gpc
magic_quotes_gpc = 'off'
The setting can also be disabled in apache's httpd.conf file, or an .htaccess file:
# Disable magic_quotes_gpc
php_flag magic_quotes_gpc off
things that should always be turned off in php.ini on a live system