It’s not only insecure but it inconveniently commands the use of PHP function stripslashes() every time you pull something from the database or when you get something from the client side. While most of the hosts out there are using factory settings of PHP that turn off magic_quotes_gpc by default, there are a few that don’t.
The value of magic_quotes_gpc cannot be set with the ini_set() function after PHP 4.2.3, some hosts enable custom php.ini in your home directory which you can use to set magic_quotes_gpc to 0 (zero) or false. Otherwise, you’d have to resort to .htaccess to set the PHP configuration values for your local directories.
To turn off magic_quotes and magic_quotes_gpc off in .htaccess, simply put these lines in the .htaccess file of your site / directory wherein you want magic_quotes or magic_quotes_gpc disabled:
php_value magic_quotes 0
php_flag magic_quotes off
php_value magic_quotes_gpc 0
php_flag magic_quotes_gpc off
Pingback: PHP Security Guide & Checklist for Websites and Web Applications – Bottom Line for Every Good PHP Developer
This solution works for me on byethost15 hosting. Thanks you for the solution. Great!
This only works where PHP is loaded as a module.
didn’t work for me, but the host I worked with allowed php.ini, that’s where I turned of magic_quotes successfully
Works fine.
You saved my hours … Great .. Thanks
when i put this code in .htaccess it shows 500 internal server error. can you please help me?
I have the same problem. Error 500