How to change magic_quotes_off in PHP?

joyacv2
joyacv2 used Ask the Experts™
on
Hi,

I am new in PHP but I read in many pages that is a recommendation to turn off this setting, and my actual phpinfo() says that it is ON.

How i can change to OFF? What is a .htaccess file? How I can change this setting?

I read in php manuals and many links, but I don't understand nothing! Any simple form?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
It is in 'php.ini' http://us2.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc .  It can also be set in '.htaccess' if you are running under Apache.  It can not be changed by your code because it is a value that needs to be known before your page is run.

'.htaccess' is a file that can be used with an Apache web server to set some directives in the directories where they need to be used instead of in the master file for all directories.

Author

Commented:
Sorry,

But I don't understand the link, how i can access the .htaccess file and change the setting?

The link says: "f the magic_quotes_sybase directive is also ON it will completely override magic_quotes_gpc", what exactly this means? Is correct for Off too?
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
The page on PHP.net tells you what it means.  The first thing to know is that it is not something critical.  About half of my web sites have it on and half have it off and I can still run the same programs on them.  It will not stop you from running PHP programs.

Where is your web site?  Are you on an Apache web server?  Shared hosting?
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Author

Commented:
Local Apache web server
Most Valuable Expert 2011
Top Expert 2016

Commented:
In my installations of PHP I can make my own .htaccess files and my own PHP.INI files, so I turn off the things I do not want.  And I'm with DaveBaldwin on this issue - you need to write code that can tolerate either condition.  So in the initialization of all my pages, I have something like this to remove the adverse effects of magic_quotes.

foreach ($_REQUEST as $k => $v)
{
    $_REQUEST[$k] = stripslashes($v);
}

Not very scientific, but it has never failed me yet ;-)

Author

Commented:
Hi,

But how i can change the setting directly with .htaccess?
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:

Author

Commented:
But where i enter this line of code?
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
In your '.htaccess' file which goes in the root directory of your web site.  You will probably have to create the file because it is only used when you need to tell Apache and PHP about something different than the normal configuration.  http://httpd.apache.org/docs/current/howto/htaccess.html

Author

Commented:
Can you give me a brief guide on where and how create this file?
Fixer of Problems
Most Valuable Expert 2014
Commented:
I thought I just did with the links to the PHP and Apache pages.  In the simplest version, you create a file called '.htaccess', put that line in it, and save it in the root directory of your web site.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial