Knowledge Base

How to set the PHP magic quotes directive in an .htaccess file

This article describes how to enable and disable the magic quotes directive in an .htaccess file.

The information in this article only applies to certain types of hosting accounts. To determine whether or not the information below applies to your account, please see this article.

This article assumes that you have already set up a custom .htaccess file. If you have not already set up a custom .htaccess file, please read this article first.

This article only applies to PHP 5.3 and earlier versions. The magic quotes directive was removed in PHP 5.4.

Using the magic quotes directive

Make sure you are aware of the security implications of enabling and disabling the magic quotes directive. For more information, please visit http://www.php.net/manual/en/security.magicquotes.php.

When the magic quotes directive is enabled, PHP automatically escapes data from HTTP GET and POST requests and cookie data. For example, if a user types “hello” (with the quotation marks) in an HTML form, PHP automatically escapes the quotation marks and stores the value as \“hello\”.

To enable or disable the magic quotes feature, follow these steps:

  1. Log in to your account using SSH.
  2. Use a text editor to modify the .htaccess file as follows:
    • To enable the magic quotes feature, add the following line:
      php_flag magic_quotes_gpc On
    • To disable the magic quotes feature, add the following line:

      php_flag magic_quotes_gpc Off
  3. Save the changes to the .htaccess file and exit the text editor.
  4. To verify that the new setting is active, create a PHP test file that contains the following code in the same directory where the .htaccess file is located:
    <?php phpinfo(); ?>
  5. Load the test file in your web browser, and then search for the name of the directive. The Local Value column should display the new setting that you specified in the .htaccess file.

More Information