1

In PHP 5.3, can "magic_quotes_gpc" be enabled?

I understand that it is deprecated in PHP 5.3, but a PHP script I am installing requires this otherwise it won't work.

Bernhard Barker
  • 54,589
  • 14
  • 104
  • 138
Michael
  • 13
  • 1
  • 3

4 Answers4

3

Then do not use that script it is quite bad to have magic quotes enabled.

This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.

DOC

WHY-NOT in DOC

Naftali
  • 144,921
  • 39
  • 244
  • 303
  • 2
    If the first thing you have to do is enable magic quotes to get this running, I can only imagine what other nonsense is going on behind the scenes. – Wesley Murch Aug 09 '11 at 17:14
3

It has to be done at the .ini level. It can't be done within a script using ini_set(), because by the time the ini_set() is processed, PHP has already completed startup and the various superglobal arrays (POST/GET/REQUEST/etc...) have been set and will NOT be changed.

You can enable the setting per-script using an Apache <Files> directive, since enabling magic quotes for all PHP scripts is a horrible idea:

<Files needs_gpc.php>
   php_value magic_quotes_gpc 1
</Files>
Marc B
  • 356,200
  • 43
  • 426
  • 500
2

You can simulate magic_quotes with a short script like:

$_GET = array_map("addslashes", $_GET);
$_POST = ...

Note that you need a recursive variant actually. And while you're at it you could at least use _real_escape_string rather than addslashes (which is really only allowable if your database and connection uses ASCII only).

To have that enabled for all scripts use the php.ini option:

auto_prepend_file = .../fake_magic_quotes.php

At least in PHP 5.3 it's possible to still enable this outdated feature however.

mario
  • 144,265
  • 20
  • 237
  • 291
0

Yes it can. The feature is disabled by default, but has not been removed. Just modify your php.ini file (or use Marc B's suggestion to enable it for specific script only)

Mchl
  • 61,444
  • 9
  • 118
  • 120