How to disable magic quotes

You cannot disable magic quotes from .htaccess or php.ini, only from apache httpd.conf file.

You can use PHP to disable magic quotes at runtime. Here is the function:

if (get_magic_quotes_gpc()) {
   function stripslashes_deep($value)
   {
       $value = is_array($value) ?
                   array_map('stripslashes_deep', $value) :
                   stripslashes($value);

       return $value;
   }

   $_POST = array_map('stripslashes_deep', $_POST);
   $_GET = array_map('stripslashes_deep', $_GET);
   $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
   $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}

This function will strip slashes for all REQUEST values. If you make SQL queries with these values, you have to use mysql_real_escape_string function in order to prevent sql injection.

Disabling magic quotes, using Apache and PHP

2 comments:

Anonymous said...: Awesome! Thanks a bunch!; May 18, 2008 at 1:12 AM
Anonymous said...: Nice, thank you; March 16, 2009 at 6:06 PM

Tuesday, November 13, 2007

Disabling magic quotes in PHP

How to disable magic quotes

Disabling magic quotes, using Apache and PHP

2 comments:

PHP code snippets

Affordable Hosting

Blog Archive

Labels

Top Hosting Reviews

PHP, MySQL Articles