Knowledge Base

How to disable functions using the PHP disable_functions directive

This article describes how to use the disable_functions directive in a custom php.ini file to disable specific functions.

The information in this article only applies to certain types of hosting accounts. To determine whether or not the information below applies to your account, please see this article.

This article assumes that you have already set up a custom php.ini file on your web site. If you have not already set up a custom php.ini file, please read this article first.

Using the disable_functions directive

For security reasons, you may want to disable certain PHP functions. For example, the exec and system functions are particularly dangerous when they are used with unsanitized input values.

To disable a function, use a text editor to modify the disable_functions directive in the php.ini file. This directive takes a comma-delimited list. For example, to disable the exec and system functions, use the following directive:

disable_functions = "exec, system"

If you want to re-enable the functions, modify the disable_functions directive in the php.ini file as follows :

disable_functions = ""
To verify the current value of the disable_functions directive and other directives, you can use the phpinfo() function. For more information about how to do this, please see this article.

More Information