How do I enable/disable magic quotes gpc for my PHP scripts? Print

  • 53

How to Enable or Disable magic_quotes_gpc in PHP: An Advanced Guide


The magic_quotes_gpc feature in PHP was initially introduced as a security measure to mitigate SQL injection vulnerabilities. However, it's widely considered outdated and not a robust security solution. It's crucial to adopt more reliable methods like prepared statements when using PDO or MySQLi for database interactions. In this advanced guide, we'll cover how to enable or disable magic_quotes_gpc for those who still need to work with legacy systems.


  • FTP access to your server
  • Basic knowledge of .htaccess and PHP configuration
  • A text editor for modifying files

Step 1: Log in to Your FTP or SSH Account

Using an FTP client like FileZilla or an SSH client, log in to your server to access the root directory of your website, commonly named public_html or www.

Step 2: Back up the .htaccess and php.ini Files

Before making any changes, ensure you have backups of your .htaccess and php.ini files. This is a critical step for reverting to the previous state in case of errors.

Step 3: Modify the .htaccess File

Navigate to your .htaccess file within your website’s root directory and add the following code to disable magic_quotes_gpc:

# Disable magic_quotes_gpc
php_flag magic_quotes_gpc off

To enable it (not recommended), use:

# Enable magic_quotes_gpc
php_flag magic_quotes_gpc on

Step 4: Handling Server Errors

If a 500 internal server error occurs after modifying your .htaccess file, remove the changes and proceed to modify your PHP file.

Step 5: Using ini_set() in PHP File

Instead of .htaccess, you can disable magic_quotes_gpc in your PHP file by using the ini_set() function:

// Disable magic_quotes_gpc
ini_set('magic_quotes_gpc', '0');
To enable it (again, not recommended):
// Enable magic_quotes_gpc
ini_set('magic_quotes_gpc', '1');

Conclusion: Opt for Modern Security Practices

While magic_quotes_gpc may have been useful in its time, it’s not recommended to rely on it for security. Modern best practices suggest using technologies like prepared statements with PDO or MySQLi. Understanding these newer methods will offer a more secure and efficient database interaction environment.

Further Reading and Support

For more detailed instructions and troubleshooting, you can refer to our comprehensive knowledge base at or submit a ticket for specific issues at


Was this answer helpful?

« Back