PHP magic_quotes_gpc Is Disabled [deprecated]

Severity: Medium

Invicti detected that the magic_quotes_gpc Is disabled. The magic quotes option is designed to safeguard developers against SQL injection attacks. It executes addslashes() on all information received over GET, POST or COOKIE.


When magic_quotes_gpc is disabled, that makes it easier for an attacker to perform SQL injection attacks.

Actions To Take#

To enable magic_quotes_gpc, you can set it to 'on' in the php.ini or .htaccess file.

  • php.ini:
    magic_quotes_gpc = 'on'
  • .htaccess:
    php_flag magic_quotes_gpc on
Invicti Logo

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo