Disabling Magic Quotes using .htaccess file

Magic Quotes is a process that automatically escapes incoming data to the PHP script. It’s preferred to code with magic quotes off and to instead escape the data at runtime, as needed. We can simply turn OFF magic_quotes and magic_quotes_gpc from the php configuration file itself.

1. Disabling Magic Quotes from PHP conf file.
SSH to your server and find the php.ini file by using the command php –ini.

[root@server]# php --ini
Configuration File (php.ini) Path: /usr/local/lib
Loaded Configuration File:         /usr/local/lib/php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed:      (none)

From php.ini file we can directly disable magic_quotes and magic_quotes_gpc. Open php.ini file using your favurite editor and make the changes as follows:

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off    

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

But in some cases like in shared server this is not a possible way because it has a shared environment.
In such condition we can disable magic_quotes and magic_quotes_gpc by using .htaccess file under a particular domain.

2. Disabling Magic Quotes using .htaccess file
It’s a simple but useful way to disable magic_quotes and magic_quotes_gpc from htaccess file in a server having shared environment.
Create a .htaccess file under the public_html folder of the domain which need to disable magic_quotes and magic_quotes_gpc and put these lines in htaccess file.

php_value magic_quotes 0
php_flag magic_quotes off
php_value magic_quotes_gpc 0
php_flag magic_quotes_gpc off

That’s it..

Post navigation

Arunlal Ashok

DevOps Engineer. Linux lover. Traveller.
Always happy for an open discussion! Write to arun ((@)) crybit ((dot)) com.

Leave a Reply

Your email address will not be published. Required fields are marked *