This FAQ explains how to set boolean PHP configuration directives using php_flag. The format for php_flag is: php_flag name on|off
1. Open the .htaccess file located in your site's home directory, or if you don't have one, create a blank one now. Note the period character (.) at the beginning of the file name.
2. Add any of the following code samples to your .htaccess file, each on it's own line. These sample commands will prevent common global variable injection attacks, cross site scripting (XSS) sttacks, and code injection attacks.
php_flag register_globals off
php_flag allow_url_fopen off
php_flag magic_quotes_gpc on
Note that although the magic_quotes_gpc directive adds a layer of security, for performance reasons it is not considered a best practice. If you have verified that your site correctly filters and validates all user data (and every production site really should), then there is no need to add this directive. If you have any doubt, add it.
3. Save the .htaccess file in your site's home directory.
4. Test your site's front end and back end.