I am developing my first website. My shared hosting provider has magic_quotes_gpc on and doesn't want to change it. As I understand, there is the following problem with password storing:

1. User types in a value like "strong'password" into a registration form.
2. PHP writes the value "strong/'password" into a DB (or a hash based on it).
3. When the user wants to log in, he types "strong'password" as a password.
4. PHP turns it into "strong/'password" - it is the same value as in the DB, so the user enters successfully.

And it will work fine until I change hosting provider to another one, without magic_quotes_gpc on. All such accounts will become broken. Using stripslashes will make "strong/password" unstable. Seems like I need to make single and double quotes forbidden for use in a password.
Did I get the magic quotes algorithm right? If yes, any thoughts about this problem?
If you need to write code which works in both cases, you can use get_magic_quotes_gpc to check whether it's enabled.

When magic quotes is enabled, use stripslashes to get rid of the extra slashes, then handle the string as you would when it is not enabled.
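
The check-then-strip approach from the answer above, as an added example that is not the answerer's own code. The helper names normalize_input and magic_quotes_enabled are hypothetical, and the sample values are constructed to show what each host configuration hands to the script.

```php
<?php
/**
 * Undo magic-quotes escaping on a request value (string or nested array).
 * $magicQuotesOn is a parameter so both host configurations can be exercised.
 */
function normalize_input($value, $magicQuotesOn)
{
    if (!$magicQuotesOn) {
        return $value; // nothing was added, so nothing must be stripped
    }
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = normalize_input($item, true);
        }
        return $out;
    }
    return is_string($value) ? stripslashes($value) : $value;
}

/**
 * True only where the setting exists and is enabled.
 * get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists guard.
 */
function magic_quotes_enabled()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// Real use: normalize once, before the password is hashed or verified.
// $password = normalize_input($_POST['password'], magic_quotes_enabled());

// Constructed sample values: the user types  strong'password  and  back\slash
$typed   = array("strong'password", "back\\slash");
$onHost  = array("strong\\'password", "back\\\\slash"); // as received with magic quotes on
$offHost = $typed;                                       // as received with magic quotes off

// Compare what each host yields after normalization with what was typed.
var_dump(normalize_input($onHost, true) === $typed);
var_dump(normalize_input($offHost, false) === $typed);
```

Because stripslashes runs only when the escaping was actually applied, a password containing a literal backslash survives on both hosts, so quotes do not have to be banned from passwords.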