PHP 7 - PHP.INI File Configuration

The PHP configuration file, php.ini, is the final and immediate way to affect PHP's functionality. The php.ini file is read each time PHP is initialized. In other words, httpd is restarted for the module version or with each script execution for the CGI version. If your change is not showing up, remember to stop and restart httpd. If it is still not showing up, use phpinfo() to check the path to php.ini.

The configuration file is well commented and thorough. Keys are case sensitive, keyword values are not; whitespace, and lines beginning with semicolons are ignored. Booleans can be represented by 1/0, Yes/No, On/Off, or True/False. The default values in php.ini-dist will result in a reasonable PHP installation that can be tweaked later.

Here we are explaining the important settings in php.ini which you may need for your PHP Parser.

short_open_tag = Off

Short open tags look like this: <? ?>. This option must be set to Off if you want to use the XML functions.

safe_mode = Off

If this is set to ON, you probably compiled PHP with the --enable-safe-mode flag. The Safe mode is most relevant to CGI use. See the explanation in the section "CGI compile-time options" given earlier in this chapter.

safe_mode_exec_dir = [DIR]

This option is relevant only if the safe mode is ON; it can also be set with the --with-exec-dir flag during the Unix build process. PHP in safe mode only executes external binaries out of this directory. The default is /usr/local/bin. This has nothing to do with serving up a normal PHP/HTML Web page.

safe_mode_allowed_env_vars = [PHP_]

This option sets which environment variables the users can change in safe mode. The default is only those variables prepended with "PHP_". If this directive is empty, most variables are alterable.

safe_mode_protected_env_vars = [LD_LIBRARY_PATH]

This option sets which environment variables the users cannot change in safe mode, even if safe_mode_allowed_env_vars is set permissively.

disable_functions = [function1, function2...]

A welcome addition to the PHP4 configuration and one perpetuated in PHP5 is the ability to disable the selected functions for security reasons. Previously, this necessitated hand-editing the C code from which PHP was made. Filesystem, system, and network functions should probably be the first to go because allowing the capability to write files and alter the system over HTTP is never such a safe idea.

max_execution_time = 30

The function set_time_limit() will not work in safe mode. Therefore, this is the main way to make a script time-out in safe mode. In Windows, you have to abort based on maximum memory consumed rather than the time. You can also use the Apache timeout setting to timeout but that will apply to non-PHP files on the site too.

error_reporting = E_ALL & ~E_NOTICE

The default value is E_ALL & ~E_NOTICE, all errors except notices. The development servers should be set to at least the default; only the production servers should consider a lesser value.

error_prepend_string = [""]

With its bookend, error_append_string, this setting allows you to make error messages a different color than the other text.

warn_plus_overloading = Off

This setting issues a warning if the + operator is used with strings, as in a form value.

variables_order = EGPCS

This configuration setting supersedes gpc_order. Both are now deprecated along with register_globals. It sets the order of the different variables: Environment, GET, POST, COOKIE, and SERVER (aka Built-in). You can change this order around. The variables will be overwritten successively in the left-to-right order, with the rightmost one winning the hand every time. This means, if you left the default setting and happened to use the same name for an environment variable, a POST variable, and a COOKIE variable, the COOKIE variable would own that name at the end of the process. In real life, this does not happen much.

register_globals = Off

This setting allows you to decide whether you wish to register the EGPCS variables as global. This is now deprecated, and as of PHP4.2, this flag is set to Off, by default. Use the superglobal arrays instead. All the major code listings in this book use superglobal arrays.

gpc_order = GPC

This setting has been Deprecated.

magic_quotes_gpc = On

This setting escapes the quotes in incoming GET/POST/COOKIE data. If you use a lot of forms which possibly submit to themselves or other forms and display form values, you may need to set this directive to On or prepare to use addslashes() on string-type data.

magic_quotes_runtime = Off

This setting escapes quotes in incoming database and text strings. Remember that SQL adds slashes to single quotes and apostrophes when storing strings and does not strip them off when returning them. If this setting is Off, you will need to use stripslashes() when outputting any type of string data from a SQL database. If magic_quotes_sybase is set to On, this must be Off.

magic_quotes_sybase = Off

This setting escapes single quotes in incoming database and text strings with Sybase-style single quotes rather than backslashes. If magic_quotes_runtime is set to On, this must be Off.

auto-prepend-file = [path/to/file]

If a path is specified here, PHP must automatically include() it at the beginning of every PHP file. Include path-restrictions do apply.

auto-append-file = [path/to/file]

If a path is specified here, PHP must automatically include() at the end of every PHP file, unless you escape by using the exit() function. Include path-restrictions do apply.

include_path = [DIR]

If you set this value, you will only be allowed to include or require files from these directories. The include directory is generally under your document root. This is mandatory if you are running in safe mode. Set this to .in, in order to include the files from the same directory your script is in. Multiple directories are separated by colons: .:/usr/local/apache/htdocs:/usr/local/lib.

doc_root = [DIR]

If you are using Apache, you have already set a document root for this server or virtual host in httpd.conf. Set this value here if you are using safe mode or if you want to enable PHP only on a portion of your site (for example, only in one subdirectory of your Web root).

file_uploads = [on/off]

Turn on this flag if you will upload files using PHP script.

upload_tmp_dir = [DIR]

Do not uncomment this line unless you understand the implications of HTTP uploads! = files

Except in rare circumstances, you will not want to change this setting. So do not touch it.

ignore_user_abort = [On/Off]

This setting controls what happens if a site visitor clicks the browser’s Stop button. The default is On, which means that the script continues to run till completion or timeout. If the setting is changed to Off, the script will abort. This setting only works in module mode, not CGI.

mysql.default_host = hostname

The default server host to use when connecting to the database server if no other host is specified.

mysql.default_user = username

The default user name to use when connecting to the database server if no other name is specified.

mysql.default_password = password

The default password to use when connecting to the database server if no other password is specified.