How to Replace the Deprecated Set_Magic_Quotes_Runtime in PHP

  • Home
  • Languages
  • PHP
  • How to Replace the Deprecated Set_Magic_Quotes_Runtime in PHP

How to replace get_magic_quotes_runtime() in PHP7.4

Well it is a reference to magic_quotes_runtime which is itself deprecated as of PHP 5.3 and REMOVED in PHP 5.4 so you have no need to use get_magic_quotes_runtime in PHP 7.4

So you can simply update your code accordingly:

/***
 * Turn off magic_quotes_runtime
 * this function serves no purpose
if (get_magic_quotes_runtime()) {
    @ini_set('magic_quotes_runtime', false);
}
***/

Edit: This is just an example, you can simply delete your shown code ;-)

PHP 5.4+ alternative to set_magic_quotes_runtime

According to PHP manual:

$magic_quotes = false;

Call to undefined function set_magic_quotes_runtime()

The function no longer exists in PHP 7, nor the setting it works with, so you will need to remove its usages. You will need to save the current state of your code and try to remove all the instances of this function call and see whether the site is working and if so, whether it is working as you expect it to work. Alternatively, you can implement a dummy version of the function and make it available everywhere:

if (!function_exists('set_magic_quotes_runtime')) {
    function set_magic_quotes_runtime($new_setting) {
        return true;
    }
}

PHP 7.4 deprecated get_magic_quotes_gpc function alternative

You need to remove every mention of this function from your code and do not replace it with anything else.

get_magic_quotes_gpc() has been useless ever since PHP 5.4.0. It would tell you whether you have magic quotes switched on in the configuration or not. Magic quotes were a terrible idea and this feature was removed for security reasons (PHP developers believed in magic & superstitions and wrote unsecure code).

Most likely even you yourself do not know why you had this line of code in your project. I know I was fooled by it when I was learning PHP. The reality is you do not need it at all. This function has nothing to do with security and the concept of input sanitization is preposterous.

Instead, rely on good security guidelines.

  • Use parameterized prepared statements for interactions with the database. PHP has a very good library called PDO, which can be used with many DB drivers including MySQL.
  • If you produce output, then escape the output taking into consideration the rules of that medium. For example when outputting to HTML use htmlspecialchars() to prevent XSS.
  • Never sanitize input. There is no magical solution that would protect you against everything. Instead, you as a developer must be aware of dangers and you need to know how to protect your code. Don’t try to sanitize input. Escape output.

How do I disable magic_quotes_runtime in PHP 5.5?

Simply delete the line.

Magic quotes have been dead for some time, and have been removed in PHP 5.4 and later. There is no reason to force them to off when they don't exist.


Related Topics

Dirt-Simple PHP Templates... Can This Work Without 'Eval'

Php, MySQL - Too Many Connections to Database Error

Remove Zero Values from a PHP Array

How to Swap Colors in Image Using Gd Library in PHP

Fetching One Row Only with MySQLi

Void as Return Type

Get the Metadata of an Order Item in Woocommerce 3

Why Is the PHP String Concatenation Operator a Dot (.)

Backup a MySQL Database and Download as a File

How to Import Xml String in a PHP Domdocument

PHP Encoding with Domdocument

Laravel 5.2: the Process Class Relies on Proc_Open, Which Is Not Available on Your PHP Installation

Get a PHP Datetime Difference in Days, Considering Midnight as a Day Change

How to Use Prepared Statements with Postgres

Which Is the Best Character Encoding for Japanese Language for Db, PHP, and HTML Display

How to Get the Value from Object(Stdclass)

PHP Replaces Spaces with Underscores

How to Get the Length of Longest String in an Array


Leave a reply



Submit