Feel the Magic

PHPIf you write any, non trivial PHP script, that reads and writes tekst, you will need to get a feel for the magic in PHP. Because at some point, you start to wonder, where all those backslashes come from. Because quotes in text will grow backslashes with every read-write cycle, like this: \\\\\\\\\"Sure!\\\\\\\\\". So you set out to find out what is going on:

int fwrite ( resource $handle , string $string [, int $length ] )
fwrite() writes the contents of string to the file stream pointed to by handle.
handle:
    A file system pointer resource that is typically created using fopen().
string:
    The string that is to be written.
length:
    If the length argument is given, writing will stop after length bytes have been
    written or the end of string is reached, whichever comes first.

Looks normal so far, but directly below than it reads:

Note that if the length argument is given, then the magic_quotes_runtime
configuration option will be ignored and no slashes will be stripped from string.

But of cause, how stupid of me, clearly if I supply a length argument, I would not want to ignore the slashes (that were added apparently by some other “magic” functionality) and be happy to have them in my file, after all they are magic quotes from the great wizard that was born in Qeqertarsuaq, how could I not want that? Or maybe I am one of those exoteric inclined people that prefer solid design over “magic” kludges? But don’t tell anyone, or the last words I will ever hear are: “Stone him! He is the endoheresiarch!”

If you lookup: “magic_quotes_runtime” you find:

If magic_quotes_runtime is enabled, most functions that return data from any sort
of external source including databases and text files will have quotes escaped with
a backslash. If magic_quotes_sybase is also on, a single-quote is escaped with a
single-quote instead of a backslash.

But sure, I should just embrace the magic, why think? If most functions (which, obviously, do “not include functions from PECL.” What ever that means.) returning data from whatever constitutes as external source, I should probably just marvel at the sheer power of the aptly named (for anyone that never used an SQL engine not named sybase) variable “magic_quotes_sybase.” When set, it enforces powerful uber-magic to overwrite the magic that put slashes in front of single quotes. But only single quotes, mind! Apparently it’s magic is not strong enough to change anything else. Leastwise not with “magic_quotes_runtime.” Its effect on “magic_quotes_gpc” is much stronger:

If the magic_quotes_sybase directive is also ON it will completely override
magic_quotes_gpc. Having both directives enabled means only single quotes
are escaped as ''. Double quotes, backslashes and NUL's will remain untouched
and unescaped.

So the lesson learned is that unless you have the gift of speaking in tongues, you better stay away from PHP.


  1. […] any professional-coder should raise an eyebrow. Besides, would you want to clone all that PHP magic stuff into a new runtime system? Next to a PHP compiler, Zaho is also writing a PHP interpreter: […]

Leave a Reply