<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Disabling Magic Quotes</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="security.magicquotes.whynot.html">Why not to use Magic Quotes</a></div> <div class="next" style="text-align: right; float: right;"><a href="security.hiding.html">Hiding PHP</a></div> <div class="up"><a href="security.magicquotes.html">Magic Quotes</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="security.magicquotes.disabling" class="sect1"> <h2 class="title">Disabling Magic Quotes</h2> <p class="para"> The <a href="info.configuration.html#ini.magic-quotes-gpc" class="link">magic_quotes_gpc</a> directive may only be disabled at the system level, and not at runtime. In otherwords, use of <span class="function"><a href="function.ini-set.html" class="function">ini_set()</a></span> is not an option. </p> <p class="para"> <div class="example" id="example-346"> <p><strong>Example #1 Disabling magic quotes server side</strong></p> <div class="example-contents"><p> An example that sets the value of these directives to <em>Off</em> in <var class="filename">php.ini</var>. For additional details, read the manual section titled <a href="configuration.changes.html" class="link">How to change configuration settings</a>. </p></div> <div class="example-contents screen"> <div class="cdata"><pre> ; Magic quotes ; ; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = Off ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. magic_quotes_runtime = Off ; Use Sybase-style magic quotes (escape ' with '' instead of \'). magic_quotes_sybase = Off </pre></div> </div> <div class="example-contents"><p> If access to the server configuration is unavailable, use of <var class="filename">.htaccess</var> is also an option. For example: </p></div> <div class="example-contents screen"> <div class="cdata"><pre> php_flag magic_quotes_gpc Off </pre></div> </div> </div> </p> <p class="para"> In the interest of writing portable code (code that works in any environment), like if setting at the server level is not possible, here's an example to disable <a href="info.configuration.html#ini.magic-quotes-gpc" class="link"> magic_quotes_gpc</a> at runtime. This method is inefficient so it's preferred to instead set the appropriate directives elsewhere. </p> <p class="para"> <div class="example" id="example-347"> <p><strong>Example #2 Disabling magic quotes at runtime</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">get_magic_quotes_gpc</span><span style="color: #007700">()) {<br /> </span><span style="color: #0000BB">$process </span><span style="color: #007700">= array(&</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">, &</span><span style="color: #0000BB">$_POST</span><span style="color: #007700">, &</span><span style="color: #0000BB">$_COOKIE</span><span style="color: #007700">, &</span><span style="color: #0000BB">$_REQUEST</span><span style="color: #007700">);<br /> while (list(</span><span style="color: #0000BB">$key</span><span style="color: #007700">, </span><span style="color: #0000BB">$val</span><span style="color: #007700">) = </span><span style="color: #0000BB">each</span><span style="color: #007700">(</span><span style="color: #0000BB">$process</span><span style="color: #007700">)) {<br /> foreach (</span><span style="color: #0000BB">$val </span><span style="color: #007700">as </span><span style="color: #0000BB">$k </span><span style="color: #007700">=> </span><span style="color: #0000BB">$v</span><span style="color: #007700">) {<br /> unset(</span><span style="color: #0000BB">$process</span><span style="color: #007700">[</span><span style="color: #0000BB">$key</span><span style="color: #007700">][</span><span style="color: #0000BB">$k</span><span style="color: #007700">]);<br /> if (</span><span style="color: #0000BB">is_array</span><span style="color: #007700">(</span><span style="color: #0000BB">$v</span><span style="color: #007700">)) {<br /> </span><span style="color: #0000BB">$process</span><span style="color: #007700">[</span><span style="color: #0000BB">$key</span><span style="color: #007700">][</span><span style="color: #0000BB">stripslashes</span><span style="color: #007700">(</span><span style="color: #0000BB">$k</span><span style="color: #007700">)] = </span><span style="color: #0000BB">$v</span><span style="color: #007700">;<br /> </span><span style="color: #0000BB">$process</span><span style="color: #007700">[] = &</span><span style="color: #0000BB">$process</span><span style="color: #007700">[</span><span style="color: #0000BB">$key</span><span style="color: #007700">][</span><span style="color: #0000BB">stripslashes</span><span style="color: #007700">(</span><span style="color: #0000BB">$k</span><span style="color: #007700">)];<br /> } else {<br /> </span><span style="color: #0000BB">$process</span><span style="color: #007700">[</span><span style="color: #0000BB">$key</span><span style="color: #007700">][</span><span style="color: #0000BB">stripslashes</span><span style="color: #007700">(</span><span style="color: #0000BB">$k</span><span style="color: #007700">)] = </span><span style="color: #0000BB">stripslashes</span><span style="color: #007700">(</span><span style="color: #0000BB">$v</span><span style="color: #007700">);<br /> }<br /> }<br /> }<br /> unset(</span><span style="color: #0000BB">$process</span><span style="color: #007700">);<br />}<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> </div> </p> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="security.magicquotes.whynot.html">Why not to use Magic Quotes</a></div> <div class="next" style="text-align: right; float: right;"><a href="security.hiding.html">Hiding PHP</a></div> <div class="up"><a href="security.magicquotes.html">Magic Quotes</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>