Disable functions for security reasons

Published: January 15th, 2011 Views: 24 Last modified: July 31st, 2011 Category(s): PHP/MySQL Quick solutions Comments: 0 Tags: php function, php.ini, quick how to

You can disable certain php functions for security reasons, simply by change the php.ini file. The first thing you have to do is searching for the following line

disable_functions =

if you see a semicolon in front of it, remove it. Now you can specify a comma separated list of php functions you want to to disabled. We take some common used functions for example which we will disable for use. However, those functions are not the best nominated to be disabled….

disable_functions = strtoupper, substr, mysql_connect

Save your php.ini file and restart your server, probably apache.

If you would use those functions like this:

<?php
echo strtoupper('uppercase');
echo substr('substring', 1, 2);
mysql_connect('localhost', 'user', 'pass');
echo '<br />Result:'. pow(2, 3);
?>

you would receive the following warnings (if enabled) when you request the page…

Warning: strtoupper() has been disabled for security reasons in C:\server\htdocs\index.php on line 2

Warning: substr() has been disabled for security reasons in C:\server\htdocs\index.php on line 3

Warning: mysql_connect() has been disabled for security reasons in C:\server\htdocs\index.php on line 4

Result:8

You would see the result of pow() as that specific function is not listed.

VN:F [1.9.13_1145]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.13_1145]
Rating: 0 (from 0 votes)
    Bluehost

    Mail this!

    To: From:Sum {0+9} =  
    Anything to add ?

        You must be logged in to post a comment.