Magic
Ned Batchelder on PHP’s magic quotes:
But once you graduate to larger coding projects, or delivering software to someone else’s server, or structuring your code for more modularity, then PHP begins to run out of steam, and its initial strengths become weaknesses.
…and then it’s time to move to Python. ;-)
The problem with PHP’s magic quotes is that it fixes the ‘escaping stuff that has to go in a database’ problem in the wrong place. Automagically escaping single and double quotes in posted data does not make any sense when you want to do something else with the posted data besides immediately storing it in a relational database.
With Python, the Database API automagically takes care of any escaping depending on the column type in the database when you execute a query using the following parameter formatting syntax:
# Parameters are passed as a sequence; the driver quotes each value.
cursor.execute('INSERT INTO table SET body = %s', (bodyText,))
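The contrast above as an added example (not code from the original post): escaping at input, as magic quotes does, versus binding at the query. It assumes the standard-library sqlite3 driver, whose placeholder is `?` rather than the `%s` used by drivers such as MySQLdb; the `posts` table, the helper names and the sample input are constructed for illustration.

```python
import sqlite3

def magic_quotes(value):
    # Simplified stand-in for PHP magic quotes (hypothetical helper):
    # backslash-escape backslashes and both quote characters.
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def _new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (body TEXT)")
    return conn

def store_bound(body_text):
    """Bind the value at query time; return what the database stored."""
    conn = _new_db()
    try:
        # The driver handles the quoting for the bound parameter.
        conn.execute("INSERT INTO posts (body) VALUES (?)", (body_text,))
        return conn.execute("SELECT body FROM posts").fetchone()[0]
    finally:
        conn.close()

def store_spliced(body_text):
    """Splice the value into the SQL text; return the stored value or the error."""
    conn = _new_db()
    try:
        conn.execute("INSERT INTO posts (body) VALUES ('" + body_text + "')")
        return conn.execute("SELECT body FROM posts").fetchone()[0]
    except sqlite3.Error as exc:
        return exc
    finally:
        conn.close()

POSTED = 'It\'s a "magic" day'  # constructed sample of posted form data

if __name__ == "__main__":
    # Bound at the query: stored intact, and POSTED stays clean for other uses.
    print(store_bound(POSTED))
    # Escaped at input: every non-database use now sees stray backslashes...
    print(magic_quotes(POSTED))
    # ...binding stores those backslashes literally...
    print(store_bound(magic_quotes(POSTED)))
    # ...and splicing still fails, because SQLite escapes ' as '' and not \'.
    print(repr(store_spliced(magic_quotes(POSTED))))
```

The last case shows why input-time escaping sits in the wrong place: the correct escaping depends on the database the value ends up in, which only the driver knows at query time.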