Disabling functions using the PHP disable_functions directive

This article describes how to use the disable_functions directive in a custom php.ini file to disable specific functions.

🚧

Important

The information in this article only applies to certain types of hosting accounts. To determine whether or not the information below applies to your account, please see this article.

📘

Note

This article assumes that you have already set up a custom php.ini file on your web site. If you have not already set up a custom php.ini file, please read this article first.

Using the disable_functions directive

For security reasons, you may want to disable certain PHP functions. For example, the exec and system functions are particularly dangerous when they are used with unsanitized input values.

To disable a function, use a text editor to modify the disable_functions directive in the php.ini file. This directive takes a comma-delimited list. For example, to disable the exec and system functions, use the following directive:

disable_functions = "exec, system"

If you want to re-enable the functions, modify the disable_functions directive in the php.ini file as follows:

disable_functions = ""

👍

Tip

To verify the current value of the disable_functions directive and other directives, you can use the phpinfo() function. For more information about how to do this, please see this article.

More Information

• To view a complete list of php.ini directives, please visit http://www.php.net/manual/en/ini.list.php.

• For more information about the disable_functions directive, please visit https://secure.php.net/manual/en/ini.core.php#ini.disable-functions.

Related Articles

• Custom php.ini files

• Using php.ini directives