I'm really confused when I read about the function get_magic_quotes_gpc() in PHP.
Everywhere it's said that the function is deprecated (example).
But what is the default behaviour in PHP 5.3? I used to check, if magic_quotes_gpc in on and stripped all slashes if that was the case, right at the beginning of my script for all POST, GET and COOKIE variables, so that I don't get confused.
But if I shouldn't check for added slashes using get_magic_quotes_gpc(), always removing slashes would result in wrong data, if no slashes are added by PHP 5.3.
I have the same confusion with this
At the moment magic_quotes_gpc is on on my server (PHP 5.2.17), so I need to remove the slashes. But how should I handle this to be prepared for future PHP versions?
Can I somehow set the default values in future during the runtime at the beginning of my script? But what are the default values?
The get_magic_quotes_gpc function isn't deprecated, it's the magic_quotes_gpc config setting that's deprecated.
The solution is to not use the magic_quotes_gpc config setting on your own server, but also use get_magic_quotes_gpc if you want to write robust code that will run on servers that do have the deprecated magic_quotes_gpc setting turned on.
In other words:
magic_quotes_gpc in your config.stripslashes, change it to only call stripslashes if get_magic_quotes_gpc() == 1.