Knowledgebase

How to Enable or Disable magic_quotes_gpc in PHP: An Advanced Guide

Introduction

The magic_quotes_gpc feature in PHP was initially introduced as a security measure to mitigate SQL injection vulnerabilities. However, it's widely considered outdated and not a robust security solution. It's crucial to adopt more reliable methods like prepared statements when using PDO or MySQLi for database interactions. In this advanced guide, we'll cover how to enable or disable magic_quotes_gpc for those who still need to work with legacy systems.

Prerequisites

• FTP access to your server
• Basic knowledge of .htaccess and PHP configuration
• A text editor for modifying files

Step 1: Log in to Your FTP or SSH Account

Using an FTP client like FileZilla or an SSH client, log in to your server to access the root directory of your website, commonly named public_html or www.

Step 2: Back up the .htaccess and php.ini Files

Before making any changes, ensure you have backups of your .htaccess and php.ini files. This is a critical step for reverting to the previous state in case of errors.

Step 3: Modify the .htaccess File

Navigate to your .htaccess file within your website’s root directory and add the following code to disable magic_quotes_gpc:

# Disable magic_quotes_gpc
php_flag magic_quotes_gpc off

To enable it (not recommended), use:

# Enable magic_quotes_gpc
php_flag magic_quotes_gpc on

Step 4: Handling Server Errors

If a 500 internal server error occurs after modifying your .htaccess file, remove the changes and proceed to modify your PHP file.

Step 5: Using ini_set() in PHP File

Instead of .htaccess, you can disable magic_quotes_gpc in your PHP file by using the ini_set() function: