How to Disable PHP Magic Quotes at Runtime

How can I disable PHP magic quotes at runtime?

Only magic_quoted_runtime can be disabled at runtime. But magic_quotes_gpc can’t be disabled at runtime (PHP_INI_ALL changable until PHP 4.2.3, since then PHP_INI_PERDIR); you can only remove them:

if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}

For further information see Disabling Magic Quotes.

Disabling magic quotes

On my project I use this:

if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}

I put it in the runtime and it works.

I also know how to disable it via .htaccess.

php_flag magic_quotes_gpc off

I am sure these both work.

How do I disable magic_quotes_runtime in PHP 5.5?

Simply delete the line.

Magic quotes have been dead for some time, and have been removed in PHP 5.4 and later. There is no reason to force them to off when they don't exist.

What are magic quotes runtime in PHP?

If magic_quotes_runtime is enabled, most functions that return data from any sort of external source including databases and text files will have quotes escaped with a backslash. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash.

http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime

How to turn off magic quotes gpc for Joomla 3?

For MAMP

Steps:

Go to MAMP application >> Preferences (button) >> PHP (tab) >> Choose 5.3.1 or greater >> choose OK.
Go to the MAMP folder >> bin >> php >> php5.3.26 >> conf >> edit php.ini >> add "magic_quotes_gpc = Off" a few lines above "magic_quotes_sybase = Off".
Restart MAMP's servers.

For most mainstream hosting companies running a CGI-Webinterface

Steps:

Create a php.ini or php5.ini file with the following:

magic_quotes_gpc = Off

Put it in your Joomla 3 root. Then change the htaccess.txt in your Joomla 3 root to .htaccess. Add the following lines to the .htaccess file (at the top), don't forget to change php.ini to php5.ini when applicable :

<IfModule mod_suphp.c>
  suPHP_ConfigPath /home/myusername/public_html/yourJ3folder
  <Files php.ini>
    order allow,deny
    deny from all
  </Files>
</IfModule>

Change "myusername" and "yourJ3folder" to your respective folders. The "/home/myusername/public_html/yourJ3folder" can be found via the Global Configuration:

In Joomla backend > System > System Information > [Directory Permissions], the folder is usually the same as the log directory (but without /logs at the end).

.htaccess for some hosts

For some hosts, add the following to the .htaccess file in the root of your site (for example /home/myusername/public_html/.htaccess)

php_flag magic_quotes_gpc off

Yet Another Solution For Shared Hosts

create a php.ini file at your Joomla! root.
Add this content to the file and save

magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off

Edit your .htaccess file and add this line at the top and save the file

SetEnv PHPRC /home/youruser/public_html/php.ini

Test if the error message goes away

source : How to turn off magic quotes on shared hosting?

Another solution (for the hosts where PHP is running as FCGI module)

Works for PHP 5.3 and higher

create a .user.ini file at your Joomla! root.
Add this content to the file and save

magic_quotes_gpc = Off

SRC - https://docs.joomla.org/How_to_turn_off_magic_quotes_gpc_for_Joomla_3

How to turn off magic quotes on shared hosting?

As per the manual you can often install a custom php.ini on shared hosting, where mod_php isn't used and the php_value directive thus leads to an error. For suexec/FastCGI setups it is quite common to have a per-webspace php.ini in any case.

I don't think O (uppercase letter o) is a valid value to set an ini flag. You need to use a true/false, 1/0, or "on"/"off" value.

ini_set( 'magic_quotes_gpc', 0 );   // doesn't work

EDIT

After checking the list of ini settings, I see that magic_quotes_gpc is a PHP_INI_PERDIR setting (after 4.2.3), which means you can't change it with ini_set() (only PHP_INI_ALL settings can be changed with ini_set())

What this means is you have to use an .htaccess file to do this - OR - implement a script to reverse the effects of magic quotes. Something like this

if ( in_array( strtolower( ini_get( 'magic_quotes_gpc' ) ), array( '1', 'on' ) ) )
{
    $_POST = array_map( 'stripslashes', $_POST );
    $_GET = array_map( 'stripslashes', $_GET );
    $_COOKIE = array_map( 'stripslashes', $_COOKIE );
}

With magic quotes disabled, why does PHP/WordPress continue to auto-escape my POST data?

I think I found it. Problem (bug): http://core.trac.wordpress.org/ticket/18322

Solution: http://codex.wordpress.org/Function_Reference/stripslashes_deep

    $_GET       = array_map('stripslashes_deep', $_GET);
    $_POST      = array_map('stripslashes_deep', $_POST);
    $_COOKIE    = array_map('stripslashes_deep', $_COOKIE);
    $_SERVER    = array_map('stripslashes_deep', $_SERVER);
    $_REQUEST   = array_map('stripslashes_deep', $_REQUEST);

Note: As suggested by @Alexandar O'Mara, you might want to reconsider overwriting the superglobals like this. If it's appropriate for your situation, for example, you might just "strip locally" using an alternative like $post = array_map('stripslashes_deep', $_POST);

Also see @quickshiftin's excellent answer.