PHP Learning Research: PHP. INI configuration file roaming

Source: Internet
Author: User
Tags php file upload
Generally, you do not need to change the PHP settings. it usually works well according to the default configuration. However, developers who are PHP designers consider that users may occasionally need to adjust some features of the PHP language for specific applications. Therefore, they display some PHP variables in the configuration file named php. ini. This configuration file allows you to adjust multiple functions of PHP

Generally, you do not need to change the PHP settings. it usually works well according to the default configuration. However, developers who are PHP designers consider that users may occasionally need to adjust some features of the PHP language for specific applications. Therefore, they display some PHP variables in the configuration file named php. ini. This configuration file allows you to adjust multiple PHP functions, including setting file paths and directories, changing sessions and database parameters, and activating extension options.

Before getting started, we will briefly describe the organization of the PHP configuration file. One of the reasons for naming a file php. ini is that it follows the common structure of ini files in many Windows applications. It is an ASCII text file and is divided into several parts with different names. each part includes various variables related to it. Each part is similar to the following structure:


Variable = "value"

Anothervariable = "anothervalue"

The names of each part are enclosed in square brackets and placed on the top. then, a pair of any number of "variable names-values" is displayed, each of which occupies a single row. As required by common PHP code, variable names are case-sensitive and cannot contain spaces. variable values can be numbers, strings, or brown (Boolean ).

If each line starts with a semicolon, it indicates that this line is a comment statement. This makes it very easy to allow or disable PHP functionality. You only need to comment out the relevant statement without deleting it, and the statement will not be parsed by the system. This is especially convenient when you want to re-enable a feature after a period of time, because you do not need to delete this feature in the configuration file.

PHP. the INI file must either be placed in the current directory, or in the directory defined by the $ PHPRC environment variable, or the directory specified during compilation (for Windows PHP, the Windows main directory ).

After modifying the php configuration through the PHP. ini file, you need to restart the Web server to make the configuration change take effect (of course, this is when PHP is used through the Web server ). For the PHP command line usage mode, the system reads the configuration file every time the PHP binary program is involved.

This is the first and most important site for roaming configuration files: language interpreter options. The first line is the engine variable, which controls whether the PHP engine is "on" or "off ". Disabling the engine means that the embedded PHP code will not be parsed by the Web server. Usually it is meaningless to close it, so it is enabled.

Engine = On

Short_open_tag controls whether the parser recognizes the abbreviated Mark, equivalent to the standard Flag. If you expect the abbreviated logo to conflict with other languages or want to adopt strict syntax rules for PHP code, you can disable it.

Short_open_tag = On

Generally, session, cookie, or HTTP header data in a PHP script must be sent before the script generates any output. If this is not possible in your application, you can allow PHP to call it the output buffering function. This function is controlled by the output_buffering variable.

If output buffering is enabled, PHP stores the running results generated by the script in a special memory buffer zone and sends the results only when explicitly indicated. In this way, you can even send special HTTP header and cookie data in the middle of the script or at the end of the script. Of course, this will cause a certain degree of decline in the script running performance.

Output_buffering = Off

You can also assign values to the output_buffering variable to specify the buffer area size. for example:

Output_buffering = 2048

When PHP is started, it adds the PHP version number to the standard header of the Web server. To disable this function, set expose_php to false. This function is very useful. for example, you can block this information on a Web server to prevent potential hacker attacks.

Expose_php = On

Now let's take a look at how to set the search path and error control.

You can use the include_path variable to set the PHP search path. It can contain a series of directories. If the specified path is missing in the file call, PHP will automatically check these directories.

If you have frequently used function libraries or classes, you can write them here to facilitate searching. This is also a good place to add the PEAR directory path of PHP. This path will include many reusable classes.

Export de_path = ".:/usr/local/lib/php/pear :"

Windows users can use semicolons to separate path names to specify multiple paths. UNIX users must use colons.

The other two interesting variables are auto_prepend_file and auto_append_file. These variables specify that PHP is automatically added to any PHP document file header or other files at the end of the file. This is useful for adding headers or footers to pages generated by PHP, saving time for adding code to each PHP document. Note that the specified file will be added to all PHP documents. Therefore, these variables must be applicable to single-application servers.

The files contained are either PHP scripts or common HTML documents. Embedded PHP code must use standard Mark.

Auto_prepend_file =/home/web/uplodes/header. php

Auto_append_file =/home/web/uplodes/legal. php

PHP errors can be divided into four types: Parsing errors, prompts about small code problems (notice) (for example, variables are not initialized), warnings (except non-fatal errors ), and fatal errors ). Generally, when PHP encounters an error other than the second one (a prompt for minor code issues), it displays an error message and immediately stops code processing if a fatal error occurs. You can modify this function by modifying the error_reporting variable. This variable can receive one-bit error code and only display the same errors as these codes.

Error_reporting = E_ALL

To disable displaying all errors-this is usually recommended in product code-you can set the display_errors variable to false and use the log_errors variable to write information to the error log ).

This can improve the security performance of the system-by disabling error display, you can hide specific information of the system, and malicious users cannot use this information to try to intrude into the site or application. However, you should specify the error_log variable as the file name or special value "syslog" to write the error information to the custom log file or system log. Remember to regularly check these files to know exactly what happened inside the application.

Display_errors = Off

Log_errors = On

Error_log = "error. log"

PHP can use many different extension options. In UNIX systems, extension options need to be created at Compilation. for Windows, binary DLL files are included with PHP releases. The extension_dir variable includes the directory name for PHP to view related extension options.

Extension_dir = "C: \ Program Files \ Internet Tools \ Apache \ bin \ php4 \ extensions"

In Windows, PHP includes 20 different extension options, all of which are listed in the php. ini file (via comments ). To activate a specific extension option, you only need to remove the semicolon at the beginning of the line and restart the server. To disable an extension option (for example, to improve system performance), you only need to add a semicolon at the beginning of the line.

If the extension option is not listed in the php. ini file, you can use the extension variable and pass the corresponding DLL file name to the variable.

Extension = php_domxml.dll

Extension = php_dbase.dll

Set extension-specific variable
The variable extension-specific is stored in a separate region in the configuration file. For example, all variables related to the MySQL extension function should be stored in the [MySQL] area of php. ini.

If you need to use the mail () function of PHP, you need to set the following three variables. When sending email information through the PHP mail () function, use SMTP and the variable sendmail_from (Windows system) or variable sendmail_path (UNIX system ). For Windows, these variables set the SMTP server used and the "From:" address displayed in the email information. for UNIX, the sendmail_path variable sets the MTA (mail transmission proxy, mail transfer agent) path for mail transmission.


Sendmail_from =

Sendmail_path =/usr/sbin/sendmail

The variables java. class. path, java. home, java. library, and java. library. path are all used to set the paths for finding Java classes and libraries. These values will be used by Java extensions, so if you want PHP to correctly integrate with the Java program, you must ensure that these variables are correctly set.

Java. class. path =. \ php_java.jar

Java. home = c: \ jdk

Java. library = c: \ jdk \ jre \ bin \ hotspot \ jvm. dll

Java. library. path = .\

The session. save_path variable specifies the temporary directory required to save session information. In general, this directory is/tmp by default, but because this default directory does not exist in Windows, you must reset it to the correct Windows temporary directory, otherwise, the session handler will pop up an annoying error message when calling the session_start () function. At the same time, the session cookie validity period can be controlled through the variable session. cookie_lifetime.

Session. save_path = c: \ windows \ temp

Session. cookie_lifetime = 1800

In php. ini, there are many variables related to security issues installed in PHP. The most interesting one is the safe_mode variable. we recommend that you set it for the ISP and shared-host services. this variable will limit the usage scope of PHP.
Safe_mode = Off

When safe mode is enabled, you can use the variable safe_mode_include_dir to specify the directory in which to find the relevant files. Place the binary program in a specific directory and use the safe_mode_include_dir variable to inform PHP of the Directory. PHP will restrict the types of programs that can run PHP scripts using the exec () command. In this directory, only binary files can be accessed through the exec () command.

Safe_mode_include_dir =/usr/local/lib/php/safe-include

Safe_mode_exec_dir =/usr/local/lib/php/safe-bin

You can also use the open_basedir variable to restrict file operations. This variable is used as the root directory name of the file operation. After this variable is set, for PHP, files stored outside the directory tree will not be accessible. This is a good way to restrict users to their home or Web directories in the sharing system.

Open_basedir =/home/web/

The max_execution_time variable sets the time for PHP to wait for the script to be executed before the script is forcibly terminated. The time is calculated in seconds. This variable is useful when the script enters an infinite loop state. However, when there is a legal activity that takes a long time to complete (such as uploading large files), this function will also cause operation failure. In this case, you must consider increasing the value of this variable to avoid PHP closing the script when the script is executing an important process.

Max_execution_time = 90

Now let's take a look at how to configure uploads variables and form variables.

If the security strength provided by the security configuration discussed earlier in this article does not meet your requirements, you can disable file upload or set the maximum file size limit for each upload to further improve the security strength. The preceding two functions are implemented through the variables file_uploads and upload_max_filesize. Generally, unless an application in the system designed to receive files (for example, an image book based on the Web FTP service), you should set a relatively small file size limit.

File_uploads = On

Upload_max_filesize = 2 M

If you are not interested in uploading files but use a large number of forms in PHP applications, two variables will interest you a lot. The first is the variable register_globals, which solves the long-term pain points of PHP developers. In PHP 3.x, this variable is On by default. The form variables are automatically converted to PHP variables when the form is submitted.

In PHP 4.x, this variable is set to Off by default for security reasons. Therefore, form variables can only be accessed through a specific $ _ GET and $ _ POST. This also caused a lot of problems during the running of scripts written in PHP 3. x, requiring developers to rewrite the script and re-test it. For example, input to form fieldsFor PHP 3. the x script can be understood as $ email, whereas in PHP 4. the x script is used as $ _ POST ['email '] or $ _ GET ['email'].

Generally, you can set this variable to Off to provide more security measures for script attacks through forms. If you need to consider compatibility with the early PHP 3.x script, you should place it On.

Register_globals = Off

A variable related to form submission is post_max_size, which controls the maximum data size that PHP can receive in a form submission using the POST method. It seems unlikely that the default 8 MB size needs to be increased. Instead, it should be appropriately reduced to a more practical value. If you want to use the php file upload function, you need to change this value to a value greater than upload_max_filesize.

Post_max_size = 8 M

Added the max_input_time variable in PHP 5. This variable can be used to limit the time when data is received through POST, GET, and PUT in seconds. If the application's running environment is on a low-speed link, you need to add this value to adapt to the more time required to receive data.

Max_input_time = 90

You can also adjust some variable values to improve the performance of the PHP parser. To avoid using a large amount of available memory by running scripts, PHP allows you to define the memory usage limit. Use the memory_limit variable to specify the maximum memory capacity that a single script program can use:

Memory_limit = 8 M

The value of the variable memory_limit should be greater than the value of post_max_size.

Another way to improve performance is to disable the variables $ argc and $ argv. These two values are used to store the number of parameters passed to the application in the command line and the actual parameter values.

Register_argc_argv = false

Similarly, you can disable $ HTTP_GET_VARS and $ HTTP_POST_VARS, because the first two methods are unlikely to be used today when $ _ GET and $ _ POST are used. Disabling this function can improve performance, but this can only be achieved through the register_long_arrays variable in PHP 5.

Register_long_arrays = false

Function ini_set ()

Note the ini_set () function. When PHP reads all the settings in the php. ini configuration file, it also provides the ability to use the ini_set () function to change these settings according to the per-script principle. This function receives two parameters: the name of the configuration variable to be adjusted and the new value of the variable. For example, add maximum execution time when a script appears ):


Ini_set ('max _ execution_time ', 600)

// More code


This setting will only affect the configured script. Once the script is executed, the variable is automatically restored to the original value.

If the PHP application runs on a shared server, you are unlikely to be able to access the main php. ini configuration file. In this case, the function ini_set () allows you to dynamically modify the PHP configuration according to special requirements, which will bring you great convenience.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.