How can I disable PHP magic quotes at runtime?
Only magic_quoted_runtime can be disabled at runtime. But magic_quotes_gpc can’t be disabled at runtime (PHP_INI_ALL changable until PHP 4.2.3, since then PHP_INI_PERDIR); you can only remove them:
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
For further information see Disabling Magic Quotes.
Disabling magic quotes
On my project I use this:
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
I put it in the runtime and it works.
I also know how to disable it via .htaccess.
php_flag magic_quotes_gpc off
I am sure these both work.
How do I disable magic_quotes_runtime in PHP 5.5?
Simply delete the line.
Magic quotes have been dead for some time, and have been removed in PHP 5.4 and later. There is no reason to force them to off when they don't exist.
What are magic quotes runtime in PHP?
If magic_quotes_runtime is enabled, most functions that return data from any sort of external source including databases and text files will have quotes escaped with a backslash. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash.
http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime
How to turn off magic quotes gpc for Joomla 3?
For MAMP
Steps:
- Go to
MAMP application >> Preferences (button) >> PHP (tab) >> Choose 5.3.1 or greater >> choose OK
. - Go to the
MAMP folder >> bin >> php >> php5.3.26 >> conf >> edit php.ini >> add "magic_quotes_gpc = Off"
a few lines above"magic_quotes_sybase = Off"
. - Restart MAMP's servers.
For most mainstream hosting companies running a CGI-Webinterface
Steps:
Create a php.ini
or php5.ini
file with the following:
magic_quotes_gpc = Off
Put it in your Joomla 3 root. Then change the htaccess.txt
in your Joomla 3 root to .htaccess
. Add the following lines to the .htaccess
file (at the top), don't forget to change php.ini
to php5.ini
when applicable :
<IfModule mod_suphp.c>
suPHP_ConfigPath /home/myusername/public_html/yourJ3folder
<Files php.ini>
order allow,deny
deny from all
</Files>
</IfModule>
Change "myusername
" and "yourJ3folder
" to your respective folders. The "/home/myusername/public_html/yourJ3folder
" can be found via the Global Configuration:
In Joomla backend > System > System Information > [Directory Permissions]
, the folder is usually the same as the log directory (but without /logs at the end).
.htaccess for some hosts
For some hosts, add the following to the .htaccess
file in the root of your site (for example /home/myusername/public_html/.htaccess
)
php_flag magic_quotes_gpc off
Yet Another Solution For Shared Hosts
create a php.ini
file at your Joomla! root.
Add this content to the file and save
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
Edit your .htaccess
file and add this line at the top and save the file
SetEnv PHPRC /home/youruser/public_html/php.ini
Test if the error message goes away
source : How to turn off magic quotes on shared hosting?
Another solution (for the hosts where PHP is running as FCGI module)
Works for PHP 5.3 and higher
create a .user.ini
file at your Joomla! root.
Add this content to the file and save
magic_quotes_gpc = Off
SRC - https://docs.joomla.org/How_to_turn_off_magic_quotes_gpc_for_Joomla_3
How to turn off magic quotes on shared hosting?
As per the manual you can often install a custom php.ini on shared hosting, where mod_php isn't used and the php_value
directive thus leads to an error. For suexec/FastCGI setups it is quite common to have a per-webspace php.ini
in any case.
--
I don't think O (uppercase letter o) is a valid value to set an ini flag. You need to use a true/false, 1/0, or "on"/"off" value.
ini_set( 'magic_quotes_gpc', 0 ); // doesn't work
EDIT
After checking the list of ini settings, I see that magic_quotes_gpc is a PHP_INI_PERDIR
setting (after 4.2.3), which means you can't change it with ini_set()
(only PHP_INI_ALL
settings can be changed with ini_set()
)
What this means is you have to use an .htaccess file to do this - OR - implement a script to reverse the effects of magic quotes. Something like this
if ( in_array( strtolower( ini_get( 'magic_quotes_gpc' ) ), array( '1', 'on' ) ) )
{
$_POST = array_map( 'stripslashes', $_POST );
$_GET = array_map( 'stripslashes', $_GET );
$_COOKIE = array_map( 'stripslashes', $_COOKIE );
}
With magic quotes disabled, why does PHP/WordPress continue to auto-escape my POST data?
I think I found it. Problem (bug): http://core.trac.wordpress.org/ticket/18322
Solution: http://codex.wordpress.org/Function_Reference/stripslashes_deep
$_GET = array_map('stripslashes_deep', $_GET);
$_POST = array_map('stripslashes_deep', $_POST);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_SERVER = array_map('stripslashes_deep', $_SERVER);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
Note: As suggested by @Alexandar O'Mara, you might want to reconsider overwriting the superglobals like this. If it's appropriate for your situation, for example, you might just "strip locally" using an alternative like $post = array_map('stripslashes_deep', $_POST);
Also see @quickshiftin's excellent answer.
Related Topics
Call to Undefined Function Password_Hash()
Why Doesn't Sprintf() Output Anything
Getting All $_Post from Multiple Select Value
Strip HTML Tags and Its Contents
Create a Insert... Select Statement in Laravel
Simple PHP Mail Function Not Working on Amazon Server Ec2
Laravel 5.1 Date_Format Validation Allow Two Formats
Convert Hex to Ascii Characters
Php: Most Frequent Value in Array
PHP Session Variables Not Preserved with Ajax