How to disable functions using the PHP disable_functions directive
This article describes how to use the disable_functions directive in a custom php.ini file to disable specific functions.
The information in this article only applies to certain types of hosting accounts. To determine whether or not the information below applies to your account, please see this article
This article assumes that you have already set up a custom php.ini
file on your web site. If you have not already set up a custom php.ini
file, please read this article
Using the disable_functions directive
For security reasons, you may want to disable certain PHP functions. For example, the exec and system functions are particularly dangerous when they are used with unsanitized input values.
To disable a function, use a text editor to modify the disable_functions directive in the php.ini file. This directive takes a comma-delimited list. For example, to disable the exec and system functions, use the following directive:
disable_functions = "exec, system"
If you want to re-enable the functions, modify the disable_functions directive in the php.ini file as follows :
disable_functions = ""
To verify the current value of the disable_functions
directive and other directives, you can use the phpinfo()
function. For more information about how to do this, please see this article
- Custom php.ini files
You can use php.ini files to customize a wide range of PHP settings for your web site. Learn how here.
- Using php.ini directives
The directives in php.ini files allow you to control many settings for your web site. For example, you can control error logging, specify time zone information, and more.