Turn off and disable magic_quotes_gpc in .htaccess

by Yang Yang on May 11, 2010

It’s not only insecure but it inconveniently commands the use of PHP function stripslashes() every time you pull something from the database or when you get something from the client side. While most of the hosts out there are using factory settings of PHP that turn off magic_quotes_gpc by default, there are a few that don’t.

The value of magic_quotes_gpc cannot be set with the ini_set() function after PHP 4.2.3, some hosts enable custom php.ini in your home directory which you can use to set magic_quotes_gpc to 0 (zero) or false. Otherwise, you’d have to resort to .htaccess to set the PHP configuration values for your local directories.

To turn off magic_quotes and magic_quotes_gpc off in .htaccess, simply put these lines in the .htaccess file of your site / directory wherein you want magic_quotes or magic_quotes_gpc disabled:

php_value magic_quotes 0
php_flag magic_quotes off
php_value magic_quotes_gpc 0
php_flag magic_quotes_gpc off
Nopadol S. February 15, 2011 at 11:23 am

This solution works for me on byethost15 hosting. Thanks you for the solution. Great!

Julian Perry April 29, 2011 at 7:30 pm

This only works where PHP is loaded as a module.

makbeta April 28, 2012 at 10:51 am

didn’t work for me, but the host I worked with allowed php.ini, that’s where I turned of magic_quotes successfully

Talmer November 24, 2012 at 1:18 am

Works fine.

Inder March 12, 2013 at 12:54 am

You saved my hours … Great .. Thanks

Syed April 10, 2013 at 1:34 pm

when i put this code in .htaccess it shows 500 internal server error. can you please help me?

nycxav May 19, 2013 at 3:18 am

I have the same problem. Error 500

Comments on this entry are closed.

{ 1 trackback }

Previous post:

Next post: