Useful Resources for Web Designers and Developers

Getting Rid of Unwanted Backslashes in WordPress Form Input

August 16, 2009 on General, Tutorials

As I was following the tutorial on How To Create a Theme Options Page for Your WordPress Theme, from, I stumbled upon an irritating issue. I wanted to create an option where you can paste your Google Ad Sense code from the theme admin panel. The problem is, as soon as I drop stuff like HTML code into the field, it automatically adds unwanted backslashes in front of double quotes. As I later figured out, this is actually a “feature” in PHP known as “Magic Quotes”.

What the heck are “Magic Quotes”

For those who know PHP, the language is designed to avoid conflicts in strings (mostly characters used in variables) through the use of escape sequences. Escape sequences are formed by providing a (“\”) backslash in front of characters such as double quotes, to convert them into a literal string. The people who wrote PHP wanted this to be an automated process, so they decided that all text passed through online forms are automatically escaped with a backslash. This is known as Magic Quotes. Although their intentions were good, it has caused more problems than fixes. According to the Magic Quotes are deprecated as of version 5.3 and will not be part of future versions.

WordPress Fix

Although you can disable Magic Quotes in your server php.ini file, it won’t do me any good since I’m developing a theme to be released for public use. This means that users of my theme will have various server configurations and telling them to turn this feature off is simply not an option. Luckily, WordPress has adapted’s function “stripslashes deep” – which disables Magic Quotes at runtime. All you need to do is paste the following code into your theme file and should take care of the issue:

if ( get_magic_quotes_gpc() ) {
    $_POST      = array_map( 'stripslashes_deep', $_POST );
    $_GET       = array_map( 'stripslashes_deep', $_GET );
    $_COOKIE    = array_map( 'stripslashes_deep', $_COOKIE );
    $_REQUEST   = array_map( 'stripslashes_deep', $_REQUEST );

The above code strips slashes when data arrives via $_POST, $_GET, $_COOKIE, and $_REQUEST methods. In my case, I’ve pasted this code inside my functions.php file which contain my theme options. This page alone will serve multiple textarea input fields which will allow special characters such as Google Analytics and AdSense code. Note that this can be used in any page with input fields such as a contact and RSVP forms.

  • Pingback: res4WP | WordPress Tips & Tricks: Getting Rid of Unwanted Backslashes in Wordpress Form Input()

  • wp themes

    Well just posting this expose to conduct that I seize your blog daily.

  • Matt

    Nice. Worked for me. Thanks

  • Kit

    Was having this problem with a wordpresss theme that had built in theme options for AdSense. Your bit of Code still works.

    tanks spanky

  • Cristian

    Very useful. Just what I was looking for. You rock!

  • David

    Where do I paste this in the functions file please? Pulling my hair out.

    I’ve tried it before the post method, at the end very of the document and at the start.

    Any advice much appreciated!


    • michael soriano

      you can paste anywhere in functions.php

      • tim

        Unfortunately by adding this piece of code at the end of functions.php I get internal server error 500.

  • Torn & Frayed

    Hi there Micheal, I’m having the same internal server error as Tim… I guess your method is the best out there, but I’d love to get it working! Any idea about where’s exactly the best place to add your piece of code? Thanks in advance, take care.

  • Malcolm

    Worked like a charm. Thank you so much!

  • Pingback: Plugin – Inline PHP – The Backslash Affair in Wordpress – Project TZ()

  • Ben


  • Dave Wright

    The wordpress shopp plugin seems to have a problem including these rogue slashes in notification emails to customers. Your snippet cleared them up. Thanks!

  • Berghain Nightclub

    Hi, I know this is an old post, but I’d just like to thank you for posting this up – I was pulling my hair out when this problem occured on my site (especially because magic quotes was off), but adding the above code solved the problem! Cheers!

  • JD

    Thank you so much for posting this!!

    For anyone that is having problems, it is probably because `if ( get_magic_quotes_gpc() )` is evaluating to FALSE for some reason on certain servers, even though WordPress is turning magic_quotes on. It may work for you if you just leave out the if statement. But if you do that (like I had to), you will need to remove that code when WordPress eventually get’s this right and reforms their use of magic_quotes, or it will strip out slashes that are supposed to be their, like in links, etc.

    Hope that helps somebody.

  • Christoffer Riess

    Thank you!.

    I just had into my web server

    under “get_magic_quotes_gpc” it should be on

    when I install WordPress. but apparently off when I use WordPress.

    now it works again without problem!

  • Vaibhav Bhanushali

    i ran this code to make it work

    if ( get_magic_quotes_gpc() ) {
    $_POST = array_map( ‘stripslashes_deep’, $_POST );
    $_GET = array_map( ‘stripslashes_deep’, $_GET );
    $_COOKIE = array_map( ‘stripslashes_deep’, $_COOKIE );
    $_REQUEST = array_map( ‘stripslashes_deep’, $_REQUEST );
    } else {

    $_POST = array_map( ‘stripslashes_deep’, $_POST );
    $_GET = array_map( ‘stripslashes_deep’, $_GET );
    $_COOKIE = array_map( ‘stripslashes_deep’, $_COOKIE );
    $_REQUEST = array_map( ‘stripslashes_deep’, $_REQUEST );

    • bryceadams

      You might as well just do it without any conditional.

      $_POST = array_map( ‘stripslashes_deep’, $_POST );
      $_GET = array_map( ‘stripslashes_deep’, $_GET );
      $_COOKIE = array_map( ‘stripslashes_deep’, $_COOKIE );
      $_REQUEST = array_map( ‘stripslashes_deep’, $_REQUEST );

  • Pingback: wp automatically escaping global vars! : Willing wheels()

  • Pingback: Stripslashes in textarea in a Wordpress plugin option |

  • cracki

    Thank You