Magic quotes

Magic quotes was a feature of the PHP scripting language, wherein strings were automatically escaped—special characters were prefixed with a backslash—before being passed on.

It was later described as intended to prevent inexperienced developers from writing code that was vulnerable to SQL injection attacks.[1]

The current revision of the PHP manual mentions that the rationale behind magic quotes was to "help [prevent] code written by beginners from being dangerous."

Developers could then, in theory, use string concatenation to construct safe SQL queries with data provided by the user.

Since the operation of magic quotes was behind the scenes and not immediately obvious, developers may have been unaware of their existence and the potential problems that they could introduce.
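The following added example (not from the PHP manual or the original article) emulates the escaping with addslashes() and shows both the concatenation use case and the kind of side effect a developer unaware of the feature would run into. The function name emulate_magic_quotes, the books table and the sample input are constructed for illustration, and the last part assumes the pdo_sqlite extension is available.

```php
<?php
// Added example; function name and sample data are constructed for illustration.

// Emulates magic_quotes_gpc: every incoming value is passed through addslashes(),
// which prefixes ' " \ and NUL with a backslash.
function emulate_magic_quotes(array $input): array
{
    $out = [];
    foreach ($input as $key => $value) {
        $out[$key] = is_array($value)
            ? emulate_magic_quotes($value)
            : addslashes((string) $value);
    }
    return $out;
}

$raw    = ['author' => "O'Reilly"];      // constructed request data
$quoted = emulate_magic_quotes($raw);    // what the script would have received

// 1. The intended use: the escaped value is concatenated into a query string.
$sql = "SELECT title FROM books WHERE author = '" . $quoted['author'] . "'";
echo "concatenated query: $sql\n";

// 2. The hidden side effect: the same value used anywhere else carries the backslash.
echo "shown to the user:  " . htmlspecialchars($quoted['author']) . "\n";

// 3. With a parameterized query the driver handles quoting itself, so the
//    pre-escaped value is stored with a literal backslash unless it is stripped first.
$db = new PDO('sqlite::memory:');        // assumes the pdo_sqlite extension
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE books (author TEXT)');
$insert = $db->prepare('INSERT INTO books (author) VALUES (?)');
$insert->execute([$quoted['author']]);               // stored as received
$insert->execute([stripslashes($quoted['author'])]); // escaping undone first

foreach ($db->query('SELECT author FROM books') as $row) {
    echo "stored value:       " . $row['author'] . "\n";
}
```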