Knowledgebase:
How do I enable/disable magic_quotes_gpc for my PHP scripts?
Posted by Support, Last modified by Support on 06 April 2009 03:36 PM
The magic quotes option was introduced to help protect developers from SQL injection attacks. It effectively executes addslashes() on all information received over GET, POST or COOKIE. Unfortunately this protection isn't perfect: there are a series of other characters that databases interpret as special not covered by this function. In addition, data not sent direct to databases must un-escaped before it can be used. Because it's inconsistent and ineffective, it's not recommended that magic_quotes_gpc be enabled. Its recommended that your php scripts have programming/input filtering done so that your databases and site is protected.

1. Login into your FTP account using an FTP program
2. Modify your .htaccess file in the html folder and do the following:

You can disable magic_quotes_gpc in the .htaccess file by adding:

# Disable magic_quotes_gpc
php_flag magic_quotes_gpc off

If your PHP script needs magic_quotes_gpc enabled, you can enable it in the .htaccess file by adding:

# Enable magic_quotes_gpc
php_flag magic_quotes_gpc on

If you get a 500 internal server error once you have put the above settings in your .htaccess file, remove them from the .htaccess file and add the following to your php file:
To disable:
ini_set ('magic_quotes_gpc', 0);
To enable:
ini_set ('magic_quotes_gpc', 1);
(1204 vote(s))
Helpful
Not helpful

Comments (0)