Web Hosting Talk







View Full Version : PHP


folsom
08-08-2008, 11:38 PM
I decided that I should learn PHP, so I ordered "Programming PHP". As I am reading through, I think to myself that there are a lot of functions that should have been left out of the language, but I am OK with that; it just makes the language a little messy. I got really excited reading chapter six on objects. But then early in chapter seven I read:
To work with strings as typed by the user, you can either disable magic_quotes_gpc in php.ini or use the stripslashes() function on the values in $_GET, $_POST, and $_COOKIES. The correct way to work with a string is as follows:
    $value = ini_get('magic_quotes_gpc')
        ? stripslashes($_GET['word'])
        : $_GET['word'];



I am beginning to wonder what type of mentality went into designing this stupid magic_quotes_gpc feature and even worse, why did they make it enabled by default. If they did this, then my guess is that there are a lot more "features" that I had better keep an eye out for.

So what other gotchas are there in PHP that someone learning the language should be aware of?

pharmacyclone
08-08-2008, 11:52 PM
HAHAHAHA come on, do not learn it, are you out of your mind? ;x

Steve_Arm
08-08-2008, 11:59 PM
You are looking at it from the wrong side.
Magic quotes was always there and on, because it helps to safely escape malicious user input, because people coming to PHP don't know much about security until they are hacked.

etogre
08-09-2008, 12:26 AM
You can disable them easily.

Shamelessly taken from php.net
<?php

function clear_magic_quotes()
{
    // The long $HTTP_*_VARS arrays are ordinary globals, not superglobals,
    // so they have to be imported before they can be changed from inside a function.
    global $HTTP_SERVER_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS,
           $HTTP_POST_FILES, $HTTP_ENV_VARS, $HTTP_SESSION_VARS;

    if (get_magic_quotes_gpc()) {
        /*
        All these global variables are slash-encoded by default,
        because magic_quotes_gpc is set by default!
        (And magic_quotes_gpc affects more than just $_GET, $_POST, and $_COOKIE)
        */
        $_SERVER = stripslashes_array($_SERVER);
        $_GET = stripslashes_array($_GET);
        $_POST = stripslashes_array($_POST);
        $_COOKIE = stripslashes_array($_COOKIE);
        $_FILES = stripslashes_array($_FILES);
        $_ENV = stripslashes_array($_ENV);
        $_REQUEST = stripslashes_array($_REQUEST);
        $HTTP_SERVER_VARS = stripslashes_array($HTTP_SERVER_VARS);
        $HTTP_GET_VARS = stripslashes_array($HTTP_GET_VARS);
        $HTTP_POST_VARS = stripslashes_array($HTTP_POST_VARS);
        $HTTP_COOKIE_VARS = stripslashes_array($HTTP_COOKIE_VARS);
        $HTTP_POST_FILES = stripslashes_array($HTTP_POST_FILES);
        $HTTP_ENV_VARS = stripslashes_array($HTTP_ENV_VARS);
        if (isset($_SESSION)) #These are unconfirmed (?)
        {
            $_SESSION = stripslashes_array($_SESSION);
            $HTTP_SESSION_VARS = stripslashes_array($HTTP_SESSION_VARS);
        }
        /*
        The $GLOBALS array is also slash-encoded, but when all the above are
        changed, $GLOBALS is updated to reflect those changes. (Therefore
        $GLOBALS should never be modified directly). $GLOBALS also contains
        infinite recursion, so it's dangerous...
        */
    }
}


// Recursively remove the added backslashes from a value or a nested array of values.
function stripslashes_array($data)
{
    if (is_array($data))
    {
        foreach ($data as $key => $value)
        {
            $data[$key] = stripslashes_array($value);
        }
        return $data;
    }
    else
    {
        return stripslashes($data);
    }
}

clear_magic_quotes(); // undo the magic quotes escaping for this request
?>


Another gotcha of PHP is Register Globals (http://www.php.net/register_globals).
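
What to do with the value once the slashes are stripped, as an added example that is not part of the original thread or of php.net: bind it as a query parameter and escape it for the output context when it is displayed. It assumes PHP 7.4+ with the pdo_sqlite extension; magic_quotes_gpc is simulated with addslashes() (the same escaping the setting applied), and the table, column names and sample input are constructed.

```php
<?php
// Added example, not code from the thread. Table, columns and input are constructed.

// Simulate what magic_quotes_gpc did to request data: addslashes() on every value.
function simulate_magic_quotes(array $input): array
{
    return array_map(
        fn($v) => is_array($v) ? simulate_magic_quotes($v) : addslashes($v),
        $input
    );
}

// Recover the value the user actually typed (the job of stripslashes_array() above).
function raw_input(array $quoted, string $key): string
{
    return stripslashes($quoted[$key] ?? '');
}

$typed = ['word' => "O'Reilly \\ <b>books</b>"];  // constructed user input
$get   = simulate_magic_quotes($typed);           // what a script saw with magic quotes on

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE words (source TEXT, word TEXT)');
$insert = $db->prepare('INSERT INTO words (source, word) VALUES (?, ?)');

// 1. Binding the still-quoted value stores the extra backslashes as data.
$insert->execute(['quoted', $get['word']]);
// 2. Binding the raw value stores it exactly as typed; the driver handles quoting.
$insert->execute(['raw', raw_input($get, 'word')]);

foreach ($db->query('SELECT source, word FROM words') as $row) {
    // Escape for the output context (HTML here) at output time, not at input time.
    printf(
        "%-6s stored=%s html=%s\n",
        $row['source'],
        $row['word'],
        htmlspecialchars($row['word'], ENT_QUOTES, 'UTF-8')
    );
}
```

The "quoted" row shows the corruption that blanket input escaping causes once a parameterized query is used; the "raw" row round-trips unchanged.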

Tom P
08-09-2008, 12:30 AM
PHP is always evolving, and what might have been a good idea when it was introduced may be a bad idea now.

PHP 6 will see that magic_quotes and register_globals are removed.

remove all magic_* and throw E_CORE_ERROR when set DONE (pierre)
remove register globals DONE (pierre)

folsom
08-09-2008, 09:43 AM
You can disable them easily.

Shamelessly taken from php.net
...


Another gotcha of PHP is Register Globals (http://www.php.net/register_globals).

Nice workaround.

Oh my, you are right. I did not think about register globals as being a problem since it is not a default, but just the fact that it is an option could be a problem.