Understanding php.ini


Introduction


  • The PHP configuration file, php.ini, is the final and most immediate way to affect PHP's functionality.
  • The php.ini file is read each time PHP is initialized.
  • The configuration file is well commented and detailed.
  • Keys are case sensitive; keyword values are not. Whitespace and lines beginning with semicolons are ignored.
  • Booleans can be represented by 1/0, Yes/No, On/Off, or True/False.
  • The default values in php.ini-dist.
  • PHP can be configured by a php.ini file at runtime. It defines how PHP behaves before your PHP application code executes. Your php.ini is ordinarily located in the ./lib directory of where you installed PHP.
  • Alternatively, you can find the path to where your php.ini file resides with the phpinfo() utility function:
Ø  <?php phpinfo(); ?>
  • php.ini affects everything. There may also be additional config files (e.g. apc.ini) for various libraries and tools, managed by the system administrator.
  • You can manage different categories like security, memory, and performance.
  • The important settings in php.ini:

1.     short_open_tag

  • It allows you to use the shorthand <? instead of <?php when opening PHP code. With this shorthand, you can fit your PHP code into your HTML when you need to do something like this:
Ø  Hello, <?=$firstname?>!
  • If you embed PHP in your HTML, this shorthand makes the embedded code more readable.

2. error_reporting

  • PHP has multiple levels of errors: E_ALL, E_NOTICE, E_WARNING, etc. This directive lets you decide the level at which errors start being reported.
  • You can “catch” your errors and “handle” them using the ErrorException class with the set_error_handler() function.
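The ErrorException pattern mentioned above, as an added example that is not part of the original article. The helper name read_config and the file path are hypothetical, and display_errors = 0 is an assumption about a production-like setup.

```php
<?php
// Added example, not from the original article.
error_reporting(E_ALL & ~E_NOTICE);  // report everything except notices
ini_set('display_errors', '0');      // assumption: never echo errors to the client

// Turn every reported PHP error into an exception that can be caught.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    // Respect the error_reporting mask (and the @ operator): errors that are
    // not reported at the current level fall through to PHP's default handling.
    if (!(error_reporting() & $severity)) {
        return false;
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Hypothetical helper: read a file and handle failure instead of leaking a warning.
function read_config(string $path): string {
    try {
        // file_get_contents() raises E_WARNING when the file cannot be opened;
        // the handler above converts that warning into an ErrorException.
        return file_get_contents($path);
    } catch (ErrorException $e) {
        // Log server-side with the original severity, return a safe default.
        error_log(sprintf(
            'config read failed (severity %d) at %s:%d: %s',
            $e->getSeverity(), $e->getFile(), $e->getLine(), $e->getMessage()
        ));
        return '';
    }
}

// Constructed path that does not exist, to exercise the failure branch.
var_dump(read_config('/nonexistent/constructed-example.ini'));
```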

3.     register_globals

This is practically one of the most important directives in PHP. When it is turned on, it allows input data – such as POST or GET – to be accessible via the $_REQUEST variable. This On/Off directive has been Off by default since PHP 4.2 and was removed in PHP 5.4.

4.      magic_quotes_gpc

This directive automatically adds a ‘\’ to help escape special characters. Turn this off.

5.      expose_php

When set to ‘On’, this will expose to the public that you’re running PHP and the version number via X-Powered-By: in the HTTP header. Keep it off.

6.      output_buffering

This setting controls how HTML is sent to the browser. When turned off, the HTML is sent to the browser in pieces as PHP works through the execution sequence, with your dynamic and static content together. When turned on, your HTML is collected into a single variable and sent to the browser in one giant piece.

7.      max_execution_time

When a request comes in and PHP begins to execute your code, it takes time to complete the transaction. In some situations, you may have an execution stack that takes too long. This can happen for various reasons such as bad code, a hung database, or slow responses from third-party web service APIs. 

Set this value to enough time to reasonably capture diagnostic data for the holdup, but not so long that the customer has to wait minutes for a page to load, because they won’t, of course.

Note: You can set this value to 0 for infinite time, but that is not good in production. Do not do this.

8.      memory_limit

As with the amount of time your PHP script takes to execute, there is also an amount of memory that your script will consume. This setting sets the maximum amount of memory that can be allocated to the script, so that if your script runs out of control, you can cap it and protect your server resources.

Note: In certain cases memory_limit is set to -1, which allows for unlimited memory. This is a bad idea. Use the -1 setting only in development and testing environments, if and when needed.

9.      upload_max_filesize

This directive sets the maximum size of a file that can be uploaded to the server.

A good programmer caches the uploaded file on the server side so as not to wait for the file to upload again, but if the user uploads a different file, the wait time will have to repeat. This is a dangerous practice and a potential loophole for hackers too.

10.       post_max_size

This sets the maximum size of the entire POST data being sent. The difference between this and upload_max_filesize is that this regulates the whole size of the data being sent to the server. Adjust this accordingly.

11.      max_input_time

This is the maximum amount of time a script is allowed to parse input data, whether POST or GET. Essentially, this is the maximum amount of time you’re allowing an upload to complete. For example, if you set this to 60, the upload must finish within 1 minute. This is a challenge for users with slow Internet connections, but the advantage for you is to make sure your server resources have a fail-safe measure to avoid being tied up.

12.      include_path

This defines all the various system paths that PHP will need to look at when you include files in PHP (e.g. require(), include(), etc.). The shorter this list, the better your performance since you won’t have to spend so much time searching for files.

13.      short_open_tag = Off

Short open tags look like this: <? ?>. This option must be set to Off if you want to use XML functions.

14.      safe_mode = Off

If this is set to On, you probably compiled PHP with the --enable-safe-mode flag. Safe mode is most relevant to CGI use.

15.      safe_mode_exec_dir = [DIR]

This option is relevant only if safe mode is on; it can also be set with the --with-exec-dir flag during the Unix build process. PHP in safe mode only executes external binaries out of this directory. The default is /usr/local/bin. This has nothing to do with serving up a normal PHP/HTML Web page.

16.      safe_mode_allowed_env_vars = [PHP_]

This option sets which environment variables users can change in safe mode. The default is only those variables prepended with "PHP_". If this directive is empty, most variables are alterable.

17.      safe_mode_protected_env_vars = [LD_LIBRARY_PATH]

This option sets which environment variables users can't change in safe mode, even if safe_mode_allowed_env_vars is set permissively.

18.      disable_functions = [function1, function2...]

A welcome addition to PHP4 configuration and one continued in PHP5 is the ability to disable selected functions for security reasons. Previously, this necessitated hand-editing the C code from which PHP was made. Filesystem, system, and network functions should probably be the first to go because allowing the capability to write files and alter the system over HTTP is never such a safe idea.

19.      max_execution_time = 30

The function set_time_limit() won't work in safe mode, so this is the main way to make a script time out in safe mode. In Windows, you have to abort based on maximum memory consumed rather than time. You can also use the Apache timeout setting to time out if you use Apache, but that will apply to non-PHP files on the site too.

20.  error_reporting = E_ALL & ~E_NOTICE

The default value is E_ALL & ~E_NOTICE, all errors except notices. Development servers should be set to at least the default; only production servers should even consider a lesser value.

21.  error_prepend_string = [""]

This setting allows you to make error messages a different color than other text, or what have you.

22.  warn_plus_overloading = Off

This setting issues a warning if the + operator is used with strings, as in a form value.

23.  variables_order = EGPCS

This configuration setting supersedes gpc_order. Both are now deprecated along with register_globals. It sets the order of the different variables: Environment, GET, POST, COOKIE, and SERVER (aka Built-in). You can change this order around. Variables will be overwritten successively in left-to-right order, with the rightmost one winning the hand every time. This means if you left the default setting and happened to use the same name for an environment variable, a POST variable, and a COOKIE variable, the COOKIE variable would own that name at the end of the process. In real life, this doesn't happen much.

24.  magic_quotes_runtime = Off

This setting escapes quotes in incoming database and text strings. Remember that SQL adds slashes to single quotes and apostrophes when storing strings and does not strip them off when returning them. If this setting is Off, you will need to use stripslashes() when outputting any type of string data from a SQL database. If magic_quotes_sybase is set to On, this must be Off.

25.  magic_quotes_sybase = Off

This setting escapes single quotes in incoming database and text strings with Sybase-style single quotes rather than backslashes. If magic_quotes_runtime is set to On, this must be Off.

26.  auto_prepend_file = [path/to/file]

If a path is specified here, PHP will automatically include() it at the beginning of every PHP file. Include path restrictions do apply.

27.  auto_append_file = [path/to/file]

If a path is specified here, PHP will automatically include() it at the end of every PHP file, unless you escape by using the exit() function. Include path restrictions do apply.

28.  include_path = [DIR]

If you set this value, you will only be allowed to include or require files from these directories. The include directory is generally under your document root; this is mandatory if you're running in safe mode. Set this to . in order to include files from the same directory your script is in. Multiple directories are separated by colons: .:/usr/local/apache/htdocs:/usr/local/lib.

29.  doc_root = [DIR]

If you're using Apache, you've already set a document root for this server or virtual host in httpd.conf. Set this value here if you're using safe mode or if you want to enable PHP only on a portion of your site (for example, only in one subdirectory of your Web root).

30.  file_uploads = [on/off]

Turn on this flag if you will upload files using a PHP script.

31.  upload_tmp_dir = [DIR]

Do not uncomment this line unless you understand the implications of HTTP uploads!

32.  session.save_handler = files

Except in rare circumstances, you will not want to change this setting. So don't touch it.

33.  ignore_user_abort = [On/Off]

This setting controls what happens if a site visitor clicks the browser's Stop button. The default is On, which means that the script continues to run to completion or timeout. If the setting is changed to Off, the script will abort. This setting only works in module mode, not CGI.

34.  mysql.default_host = hostname

The default server host to use when connecting to the database server if no other host is specified.

35.  mysql.default_user = username

The default user name to use when connecting to the database server if no other name is specified.

36.  mysql.default_password = password

The default password to use when connecting to the database server if no other password is specified.
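Several of the settings above (expose_php, max_execution_time, memory_limit, disable_functions, and post_max_size relative to upload_max_filesize) can be checked mechanically against a php.ini file. This is an added example, not code from the original article: the function names audit_ini, ini_bool and ini_bytes are illustrative, the sample configuration is constructed, and a missing key is assumed to take PHP's built-in default.

```php
<?php
// Added example: audit php.ini text against the settings discussed in this article.

// Booleans may be written 1/0, Yes/No, On/Off or True/False, in any case.
function ini_bool(string $v): bool {
    return in_array(strtolower(trim($v)), ['1', 'on', 'yes', 'true'], true);
}

// Convert shorthand sizes ("512K", "8M", "1G") to bytes; "-1" stays -1.
function ini_bytes(string $v): int {
    $n = (int) $v;
    switch (strtoupper(substr(trim($v), -1))) {
        case 'G': $n *= 1024; // deliberate fall-through
        case 'M': $n *= 1024;
        case 'K': $n *= 1024;
    }
    return $n;
}

function audit_ini(array $ini): array {
    // Assumption: fall back to PHP's built-in default when a key is absent.
    $get = fn(string $k, string $d): string => isset($ini[$k]) ? (string) $ini[$k] : $d;
    $findings = [];
    if (ini_bool($get('expose_php', 'On'))) {
        $findings[] = 'expose_php is On: X-Powered-By discloses PHP and its version';
    }
    if ((int) $get('max_execution_time', '30') === 0) {
        $findings[] = 'max_execution_time is 0: a hung script is never stopped';
    }
    if (ini_bytes($get('memory_limit', '128M')) === -1) {
        $findings[] = 'memory_limit is -1: no per-script memory cap';
    }
    if (trim($get('disable_functions', '')) === '') {
        $findings[] = 'disable_functions is empty: no functions are blocked';
    }
    $post = ini_bytes($get('post_max_size', '8M'));
    if ($post > 0 && $post < ini_bytes($get('upload_max_filesize', '2M'))) {
        $findings[] = 'post_max_size is below upload_max_filesize';
    }
    return $findings;
}

// Constructed sample, not a real server's configuration.
$sample = "expose_php = on\nmax_execution_time = 0\nmemory_limit = -1\n"
        . "upload_max_filesize = 64M\npost_max_size = 8M\n";
// INI_SCANNER_RAW keeps each value exactly as written in the file.
foreach (audit_ini(parse_ini_string($sample, false, INI_SCANNER_RAW)) as $finding) {
    echo "[!] $finding\n";
}
```

To audit the running interpreter instead of a file, pass ini_get_all(null, false) to audit_ini() from a web request; the command-line SAPI always runs with max_execution_time = 0.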

