3.3.3 How to disable Magic Quotes Gpc
Magic Quotes is a functionality that was first introduced in PHP to automatically escape quotes and backslashes (\
) in data submitted through HTTP requests. It was developed to protect against SQL injections and other security attacks. The feature automatically adds a backslash before each quote and backslash in variables coming through HTTP requests ($_GET
, $_POST
, and $_COOKIE
) to PHP scripts.
Magic Quotes were intended to simplify the processing of data coming through HTTP requests and reduce the risk of SQL injections. However, since they are applied automatically and can lead to unpredictable behavior, their use has become obsolete and is no longer recommended. The extension was officially removed from PHP starting with version 7.4.0. Disabling Magic Quotes allows you to manually control data processing and escaping, providing greater flexibility and security in PHP programs.
Managing Magic Quotes Gpc
Depending on the PHP operation mode of your website (PHP as CGI or PHP as Apache), you can manage the extension using php.ini
or .htaccess
files. More about the configuration file php.ini.
To disable Magic Quotes on PHP 5.2 or 5.3, follow these steps:
1. If PHP for the WWW domain is set to CGI mode:
- Log in as a user to the file manager in the php-bin folder.
- Set permissions 600 for the php.ini file.
- In the php.ini file, specify the following lines:
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
2. If PHP for the WWW domain is enabled in Apache module mode, specify the following lines in the www/domain_name/.htaccess file:
php_flag magic_quotes_gpc Off
php_flag magic_quotes_runtime Off
php_flag magic_quotes_sybase Off
Important: The extension is enabled by default only for PHP 5.2 and 5.3 versions. Starting with PHP 7.4, the functionality has become obsolete and was removed. Official documentation.