To turn it on, you edit php.ini. On my server, it's under /etc/php.ini. I had to be root to touch it, so chances are that you'll have to ask, and chances are they'll say no. If they do say no, you'll just have to go through the shopping cart script and make sure that all database input has been put through addslashes(). It's really simple if it was written straightforwardly: just find every query (search through for pg_query or mysql_query), then grab the variables and add addslashes() around the variable input.
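The before and after of that edit, as an added example that is not part of the original post or of any real cart script. The table, column and function names are hypothetical, and the request values are constructed.

```php
<?php
// Added example. cart_items, customer and item_id are hypothetical names.

// Before: request values are interpolated into the SQL text as they arrive.
function cart_query_before($customer, $item_id) {
    return "SELECT qty FROM cart_items "
         . "WHERE customer = '$customer' AND item_id = $item_id";
}

// After: each string value goes through addslashes() and stays inside quotes.
// Each numeric value is cast instead, because addslashes() does nothing for a
// value that the query does not wrap in quotes.
function cart_query_after($customer, $item_id) {
    $customer = addslashes($customer);
    $item_id  = (int) $item_id;
    return "SELECT qty FROM cart_items "
         . "WHERE customer = '$customer' AND item_id = $item_id";
}

// Constructed request data standing in for $_GET / $_POST.
$request = array(
    'customer' => "O'Reilly",   // an ordinary name that contains a quote
    'item_id'  => "42abc",      // a numeric field carrying trailing junk
);

$before = cart_query_before($request['customer'], $request['item_id']);
$after  = cart_query_after($request['customer'], $request['item_id']);

echo "before: $before\n";
echo "after:  $after\n";

// In the cart script the string is then passed to the existing call, e.g.
//   pg_query($conn, $after);   or   mysql_query($after);
// Only the variables change; the query call itself stays where it was.
```

The backslash that addslashes() inserts only works where the database treats backslash as an escape inside string literals, which PostgreSQL does not do by default since 9.1 (`standard_conforming_strings` is on). On PostgreSQL, `pg_escape_string()` or `pg_query_params()` is the reliable form of the same fix.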