PHP Learning Research: php.ini configuration file roaming

Source: Internet
Author: User
Tags error code execution file size file upload variables pear system log hosting

Generally you do not need to change the PHP settings, it usually works well according to the default configuration. But developers as PHP designers consider that users may occasionally need to tweak some of the functionality of the PHP language for specific applications. As a result, they display some PHP variables through a configuration file named PHP.ini. This profile allows users to adjust PHP multiple features, including setting file paths and directories, changing session and database parameters, and activating extended options (activating extensions).

Before we begin our introduction, we will briefly describe how the PHP configuration file is organized. One of the reasons the file is named PHP.ini is that it follows the common structure of the INI file in many Windows applications. It is an ASCII text file and is divided into parts of several different names, each of which includes various variables associated with it. Each section resembles the following structure:


variable= "Value"

Anothervariable= "Anothervalue"

The names of the parts are enclosed in square brackets at the top, and then a pair of "variable names-values" for any number of them, each one on a separate line. As with regular PHP code requirements, variable names are case-sensitive and cannot contain spaces, and the value of a variable can be a number, a string, or a Brownian type (Boolean).

Each line, if preceded by a semicolon, indicates that the line is a comment statement. This also makes it very easy to allow or disallow PHP functionality. All you need to do is annotate the relevant statements without deleting them, and the statement will not be parsed by the system. This is especially handy when you want to reopen a feature over a period of time, because you don't need to delete the row in the configuration file.

For easy PHP identification, the php.ini file must either be placed in the current directory, either in the directory defined by the $PHPRC environment variable, or in the directory specified at compile time (the Windows Home directory for Windows PHP).

After changing the PHP configuration by modifying the php.ini file, you need to restart the Web server for the configuration change to take effect (this is, of course, in the case of using PHP through a Web server). For PHP command line usage patterns, the system reads the configuration file every time it comes to the PHP binaries.

This is the first stop for profile roaming and also a very important one: language interpreter-related options. The first line is the engine variable, which controls whether the PHP engine is "on" or "off". Shutting down the engine means that the embedded PHP code will not be parsed by the Web server. It's usually pointless to turn it off, so keep it open.

Engine = On

Short_open_tag Controls whether the parser recognizes abbreviated <?...? > logo, will be equivalent to the standard <?php ...? > logo. If you anticipate that a shorthand mark will conflict with another language, or if you want to use strict syntax rules for your PHP code, you can turn it off.

Short_open_tag = On

Typically, sessions, cookies, or HTTP file header data in a PHP script must be sent before the script produces any output. If this is not possible in your application, you can do so by allowing PHP to be called the output buffering feature, which is controlled by the output_buffering variable.

If you turn on output buffering,php, the results of the script will be stored in a special memory buffer area and sent out when explicitly instructed. In this way, you can even send special HTTP header and cookie data in the middle of the script or at the end of the script. Of course, this will result in a certain degree of script performance degradation.

Output_buffering = Off

You can also assign a value to the output_buffering variable to specify the buffer area size, for example:

Output_buffering = 2048

When PHP starts, it adds PHP version number information to the Web server standard header information. If you want to turn off this feature, you can set expose_php to False. This is useful, for example, to mask this information on a Web server to protect against potential hacker attacks.

expose_php = On

Now look at how to set up the lookup path and error control.

You can set the PHP lookup path through the include_path variable. It allows a range of directories to be included. PHP will automatically check these directories if the related file calls are missing the specified path.

If you have a function library or class that you use frequently, you can also write its location here for easy lookup. This is also a good place to add PHP's pear directory path, which will include many reusable classes.

include_path = ".:/ Usr/local/lib/php/pear: "

Windows users can specify multiple paths by separating the path names by semicolons, while UNIX users need to use colons.

The other two interesting variables are auto_prepend_file and auto_append_file. These variables specify the other files that PHP automatically adds to the head of any PHP document file or the end of the file. This is useful for adding headers or footers to pages generated by PHP, saving you time to add code to each PHP document. Note, however, that the specified files will be added to all PHP documents, so these variables must be appropriate for a single application (single-application) server.

The included files are either PHP scripts or plain HTML documents. Embedded PHP code must use standard <?php ...? > tags are enclosed.

Auto_prepend_file =/home/web/includes/header.php

Auto_append_file =/home/web/includes/legal.php

Errors in PHP can be grouped into four categories: parsing errors, hints about small code problems (such as notice), warnings (except non-fatal errors), and fatal errors (fatal errors). Typically, when PHP encounters an error other than the second (a hint about a small code problem), an error message is displayed, and the code is immediately stopped if it is a fatal error. You can modify this feature by modifying the error_reporting variable. This variable can receive a bit error code and only displays the same error as the code.

error_reporting = E_all

To turn off all errors shown-as is usually recommended in the product code-you can set the Display_errors variable to false and use the log_errors variable to write the information to the error log.

This can improve the security of your system-by turning off errors, you can hide specific information from the system so that a malicious user cannot use that information to try to invade a site or application. But you should write the error messages to the custom log file or the system log by specifying the ERROR_LOG variable as a filename or a special value of "syslog". Remember to check these files regularly to see what is going on inside the application.

Display_errors = Off

Log_errors = On

Error_log = "Error.log"

PHP can use a number of different extension options. In UNIX systems, extended options need to be created at compile time, and for Windows, binary DLL files will be included with PHP publishing. The variable extension_dir includes the directory name where PHP should view the associated extended options.

Extension_dir = "C:\Program files\internet tools\apache\bin\php4\extensions"

PHP under Windows includes 20 different extension options, all of which are listed in the php.ini file (through annotations). To activate a specific extension option, just remove the semicolon from the corresponding beginning and restart the server. If you want to disable an extended option (for example, if you need to improve system performance), simply add a semicolon at the beginning of the line.

If the extended option is not listed in the php.ini file, you can use the variable extension and pass the corresponding DLL file name to the variable.



Set Extension-specific variables
The variable extension-specific is stored in a separate area of the configuration file. For example, all variables associated with MySQL extensions should be stored in the [MySQL] area of php.ini.

If you need to use PHP's mail () function, you need to set the following three variables. You need to use SMTP and variable sendmail_from (Windows system) or variable Sendmail_path (Unix system) when sending e-mail messages through the PHP mail () function. For Windows, these variables set the SMTP server used and the "From:" Address displayed in the e-mail message, whereas for UNIX, variable Sendmail_path sets the MTA for message transfer (message transfer agent, mail transfer The path of the agent).


Sendmail_from = <a href= "" ></A>

Sendmail_path =/usr/sbin/sendmail

Variables Java.class.path, Java.home, Java.library, and Java.library.path are all used to set the path to find Java classes and libraries. These values will be used by Java extensions, so if you want PHP to properly integrate with Java programs, you must make sure that the variables are set correctly.

Java.class.path =. \php_java.jar

Java.home = C:\JDK

Java.library = C:\jdk\jre\bin\hotspot\jvm.dll

Java.library.path=. \

The variable session.save_path specifies the temporary directory required to save session information. Typically, this directory defaults to/TMP, but because this default directory does not exist in the Windows system, you must reset it to the correct Windows Temp directory, or the session handler will eject the annoying error message when calling the Session_Start () function. You can also control the duration of the session cookie through variable session.cookie_lifetime.

Session.save_path = c:\windows\temp

Session.cookie_lifetime = 1800

In php.ini, there are many variables associated with the security issues of PHP installations. The most interesting of these is the Safe_mode variable, which is recommended for the ISP and shared hosting service (shared-hosting services), which limits the user's use of PHP.

Safe_mode = Off

When Safe mode is open, you can specify in what directory to look for related files through variable safe_mode_include_dir. By putting a binary program in a specific directory and using the Safe_mode_include_dir variable to tell the directory php,php will limit the types of programs that can run PHP scripts using the EXEC () command. Only binary files in this directory can be accessed through the EXEC () command.

Safe_mode_include_dir =/usr/local/lib/php/safe-include

Safe_mode_exec_dir =/usr/local/lib/php/safe-bin

You can also restrict file operations through variable Open_basedir. This variable will be set as the directory name for the file action root (root). After this variable is set, files that are stored outside of this directory tree will not be accessible to PHP. This is a good way to limit users to their home or web directories in a shared system.

Open_basedir =/home/web/

Variable Max_execution_time sets the time, in seconds, that PHP waits for the script to finish before the script is forced to terminate. This variable is useful when the script enters an infinite loop state. However, when there is a legitimate activity that takes a long time to complete (such as uploading a large file), this feature can also cause the operation to fail. In such cases you must consider increasing the value of this variable to avoid PHP shutting down the script while the script is performing some important process.

Max_execution_time = 90

Just mention the upload, now let's see how to configure the uploads variable and the form variable.

If the security configuration provided by the security configurations discussed earlier in this article does not meet your requirements, you can further increase the security strength by closing the file upload or by setting the maximum file size limit for each upload. Both of these functions will be implemented by variable file_uploads and upload_max_filesize respectively. In general, you should set a relatively small file size limit unless you have an application designed to receive files (such as a picture book based on Web FTP services) on your system.

File_uploads = On

Upload_max_filesize = 2M

If you don't care about uploading files, but you use a lot of forms in your PHP application, there are two variables that will give you a lot of interest. The first is variable register_globals, which solves the long-standing pain of the PHP developer. In PHP 3.x, this variable defaults to ON. As a result, form variables are automatically converted to PHP variables when the form is submitted.

In PHP 4.x, this variable is set to off by default for security reasons. As a result, form variables will be accessible only through specific $_get and $_post. This also causes many scripts written in PHP 3.x to run into problems, requiring developers to rewrite the script and test it again. For example, the values entered into the form field <input type= "text" name= "email" > will be interpreted as $email for PHP 3.x scripts, and $_post[' emails ' in PHP 4.x scripts, or $_get [' Email '].

This variable can typically be set to OFF, which provides a more secure precaution against scripting attacks that are made through a form. If you need to consider compatibility issues with early PHP 3.x scripts, you should put on.

Register_globals = Off

A variable associated with form submission is post_max_size, which controls the maximum amount of data that PHP can receive in a form submission that takes place in a post method. It seems unlikely that you will need to change the default 8 MB to a larger size. Instead, it should be appropriately reduced to a more realistic value. However, if you want to use the php file upload feature, you need to change this value to be larger than the upload_max_filesize.

Post_max_size = 8M

Added the Max_input_time variable in PHP 5. This variable can be limited in seconds to the time it takes to receive data by post, get, and put. If your application is running on a low speed link, you need to increase this value to accommodate the additional time required to receive data.

Max_input_time = 90

You can also improve the performance of the PHP parser by adjusting some of the variable values. To avoid running scripts that use the system's available memory heavily, PHP allows you to define memory usage limits. Specify the maximum amount of memory that a single script program can use by Memory_limit variables:

Memory_limit = 8M

The value of the variable memory_limit should be appropriately greater than the Post_max_size value.

Another way to improve performance is to disable variable $ARGC and $ARGV, which are used to hold the number of parameters that are passed to the application in the command line and the actual parameter values.


Similarly, you can disable $http_get_vars as well as $http_post_vars, because you are unlikely to use the first two methods in the use of $_get and $_post today. Disabling this feature can lead to performance improvements, but this can only be achieved through the variable register_long_arrays in PHP 5.

Register_long_arrays = False

function Ini_set ()

Finally, you need to pay attention to the Ini_set () function. While PHP reads all the settings in the php.ini configuration file, it also provides the ability to use the Ini_set () function to change these settings according to the Per-script principle. This function receives two parameters: the name of the configuration variable that needs to be adjusted, and the new value of the variable. For example, increase the maximum execution time when a script appears (Maximum execution times):


Ini_set (' Max_execution_time ', 600)

More code


Such a setting will only affect the script being set. Once the script completes, the variable is automatically restored to the original value.

If the PHP application is running on a shared server, it is unlikely that you will be able to access the primary php.ini configuration file. At this point, the function Ini_set () can allow the PHP configuration to be dynamically modified according to the special requirements, which will bring you great convenience.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.