Search Our Database

How to disable Magic Quotes GPC

Last updated on |

Introduction

Magic Quotes was a feature in older PHP versions that automatically escaped special characters like quotes in incoming data to protect against SQL injection. However, it often caused more problems than it solved, leading to its deprecation in PHP 5.3.0 and complete removal in PHP 5.4.0. Modern PHP development encourages manual handling of data sanitization.

If you’re using an older PHP version where Magic Quotes GPC might still be enabled, this guide will help you disable it.

 

Prerequisite

Before proceeding, make sure you have:

  • Access to your server through FTP, Control Panel (e.g., DirectAdmin or cPanel), or SSH.
  • Basic knowledge of file management and working with .htaccess files.
  • An older PHP version (5.3 or earlier) where Magic Quotes GPC might still be active.
Warning: Magic Quotes is a deprecated feature, and using outdated PHP versions poses security risks. It is strongly recommended to upgrade to a supported PHP version to ensure your server’s security and compatibility with modern applications.

 

Step-by-Step Guide

  1. Access Your public_html Directory
    • To start, access your website’s root directory, commonly known as public_html. You can achieve this using:
      • FTP Client (e.g., FileZilla): Log in using your FTP credentials, then navigate to the public_html folder.
      • Control Panel File Manager: Log into your hosting provider’s control panel (e.g., DirectAdmin or cPanel), open File Manager, and navigate to public_html.
      • SSH: Use the following command to navigate to the public_html directory
        cd /path/to/public_html
        
  2. Create or Edit the .htaccess File
    • After accessing public_html, check if a .htaccess file already exists. If it doesn’t, you can create one. The .htaccess file allows you to configure specific server behaviors for your website.
      • Using FTP or File Manager: Right-click inside the public_html directory, select Create New File, and name it .htaccess.
      • Using SSH: You can create a .htaccess file using the following command
        touch .htaccess
        
  3. Add the Configuration to Disable Magic Quotes
    • Once you have the .htaccess file ready, you need to add the necessary configuration to disable Magic Quotes GPC.
      • Using FTP or File Manager: Open the .htaccess file in a text editor, add the following line, and save the changes
      • Using SSH: Open the .htaccess file using a text editor like nano or vim, then add the line
        php_flag magic_quotes_gpc Off
        
      • This will disable Magic Quotes GPC on servers running PHP 5.3 or earlier.
  4. Verify the Configuration
    • To confirm that Magic Quotes GPC has been disabled, create a file named phpinfo.php in your public_html directory with the following content:
      <?php
      phpinfo();
      ?>
    • Visit http://yourdomain.com/phpinfo.php in your browser and check the status of Magic Quotes GPC it should display Off.

 

Conclusion

By following these steps, you have successfully disabled Magic Quotes GPC, allowing better control over data sanitization and enhancing your PHP environment’s security.

For additional assistance or if you encounter any issues, please contact our support team at support@ipserverone.com.

 

Article posted on 22 Feb 2020 by Louis