Website anti-injection with horse-mounted PHP. INI Security Settings

When you want to prevent page attacks, you can include an anti-attack file in the header of the page, like a generic anti-injection file. We can do this in three different ways:
1, in each file reference. Such a document is OK, but it is inconvenient if there are hundreds of files in a website.
2, in the common inclusion of documents within the reference, such as config.inc.php tutorial. This is a good way, but also the current market is more popular practice.
3, in the php.ini reference. References in the configuration file, will affect all the sites, including all pages, which is like the popular some free space vendors, when you open a free ftp space, upload the site, the space will appear in the same ads. I don't know if this is the way, but the purpose is the same. The advantage of this is that if it is a company or an intranet site, it is safe and easy to maintain.

The first two methods are clear, and the third is to find this section in php.ini:

; Automatically add files before or after any PHP document.
; auto_prepend_file = "phpids.php"
; auto_append_file = "alert.php"

The default is empty, please add the included files.
Find at the same time:

; Unix: "/path1:/path2"
; include_path = ".:/ Php/includes "
;
; Windows: "Path1;path2"
include_path = ".; F:phpnowhtdocs "

Because I am a win environment, the Windows option is turned on, including paths that can be modified freely. At the same time, such a function for our attack also caused by convenience, such as hanging horses. Now the "market" also has a lot of horse skills, do not say more. We can use the Auto_prepend_file option, to the bulk of the horse, you can put the entire server on the site, the advantages are: Do not affect speed, not modify the file, new methods. Disadvantages are: Must have write permission to php.ini.