PHP Initialization and Configuration
NYPHP - PHundamentals
The settings in php.ini control various aspects of PHP’s behavior.
The default settings are not always optimal for a production environment.
Here we present NYPHP’s recommendations for setting key initialization parameters.
Essential Settings
- Always set register_globals to off. Setting it to on may make it easier to pass variables from one script to another, but it opens unacceptable security vulnerabilities. Zend’s rationale for turning this value off by default is here.
- Always set magic_quotes_gpc and magic_quotes_runtime and magic_quotes_sybase to off. See the PHundamentals article on storing and retrieving/displaying data for further information on managing these complex settings.
- Always set log_errors to on, and set error_log to an appropriate path if the default is not suitable.
- Set any necessary extensions to be loaded automatically.
Convenience Settings
Set these file settings to appropriate values if for some reason the defaults are not acceptable:
- include_path: PHP will look for files here when you use the require or include or require_once or include_once directives.
- extension_dir
- upload_tmp_dir: Probably should be changed in a shared server environment.
- sendmail_from
- session.save_path: Probably should be changed in a shared server environment.
- auto_prepend_file: PHP will run this file before it runs your script.
- auto_append_file: PHP will run this file after it runs your script.
Set these execution settings to appropriate values:
- upload_max_filesize (which defaults to 2M) if you expect large file uploads (for example, graphics files)
- max_execution_time (which defaults to 30 seconds), usually smaller unless you are doing heavy calculations
Settings for Development Environments
- Set memory_limit (which defaults to 8M) to a large enough value to avoid any potential problem.
- Set display_errors and track_errors to on. Set error_reporting to E_ALL & ~E_NOTICE. These settings facilitate debugging, and should be set to off in a production environment.
How to Modify Settings
When You Control the Server
- The simplest solution is to modify php.ini, changing appropriate settings to on or off, and enabling extensions by removing the semi-colon ; which comments them out. One problem with this solution is that this makes these settings global to the server, whereas it might be more appropriate to have different settings for different applications.
- If so, an alternate solution is to modify Apache’s httpd.conf. You may do this using the <VirtualHost> directive to point the modifications to a specific application, or you may use the <Directory> or <Files> directives to limit them to a specific directory or files. In order to use these directives, you must run Apache with DEFINE EV (that is, define environment) set. The command line for this would be /usr/bin/httpd -DEV (or whatever the path to httpd is). Then a sample httpd.conf entry would be as follows:
    # make sure that you're running with -DEV
    <IfDefine EV>
        # point modifications at a virtual host or a directory or specific files
        <VirtualHost *>
            ServerAdmin foo@SpecificApplication.com
            DocumentRoot "/var/dev/www"
            ServerName dev
            # PHP stuff goes here
            php_value auto_append_file "/var/dev/dev.inc"
            # PHP constants such as E_ALL have no meaning outside PHP, so use
            # the integer value; 2147483647 sets every error bit
            php_value error_reporting 2147483647
            # end of PHP stuff
        </VirtualHost>
    </IfDefine>
When You Don’t Control the Server
First use the phpinfo() function on the server to determine exactly how PHP is configured there; and
then decide which values you will need to reset.
NYPHP members recommend a variety of techniques to accomplish the actual resetting.
Among them are the following:
- You can use a local php.ini when running PHP as a CLI or CGI binary by using the -c switch upon invocation. More information is here. A sample local php.ini would be as follows:

    include_path = .:/path/to/global/includes:/path/to/local/includes
    register_globals = 0
    error_reporting = E_ALL
    display_errors = 1

- Or you can use the ini_set() function. More information is here. Notice that some directives can’t be set at all with ini_set(), and that these settings are valid only while the script in which they were set is running (so it will need to be called repeatedly for changes to be valid during a whole session). Further, using this function may affect the loading and running of PHP, so it should be used with extreme care.
- Or you can use an .htaccess file. This is exactly the same as modifying httpd.conf with the <Directory> directive; therefore, everything in .htaccess applies to both the directory the file is in and all directories below it. Note also that not all servers allow setting PHP values in .htaccess files. A sample .htaccess would be as follows:

    php_value include_path .:/path/to/global/includes:/path/to/local/includes
    # boolean directives are set with php_flag rather than php_value
    php_flag register_globals off
    # PHP constants such as E_ALL have no meaning outside PHP, so use
    # the integer value; 2147483647 sets every error bit
    php_value error_reporting 2147483647
    php_flag display_errors on
    php_value auto_prepend_file path/to/my/functions/library/masterfile.php

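- Finally, you can use a text file in parse_ini_file format, which can then be inserted into a script like this:

    $cfg = parse_ini_file('/path/to/config.conf');
    // parse_ini_file() returns false when the file cannot be read or parsed
    if ($cfg === false) {
        die('Unable to read configuration file');
    }
    foreach ($cfg as $key => $value) {
        define($key, $value);
    }

  More information is here.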
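
The audit below is an added example, not code from the original article or from NYPHP. It compares the running configuration with the boolean settings this article recommends for production and, using the access level that ini_get_all() reports for each directive, names the least-privileged place a mismatch can be changed. The function names are hypothetical, and directives that no longer exist in the running PHP version are reported rather than treated as errors.

```php
<?php
// Added example: audit boolean ini settings against the article's production advice.
$recommended = [                 // directive => value recommended for production
    'register_globals'     => false,
    'magic_quotes_gpc'     => false,
    'magic_quotes_runtime' => false,
    'magic_quotes_sybase'  => false,
    'log_errors'           => true,
    'display_errors'       => false,
    'track_errors'         => false,
];

// Interpret a raw ini string as PHP does for boolean directives.
// display_errors also accepts "stdout"/"stderr", which both mean "on".
function ini_bool(string $raw): bool
{
    $v = strtolower(trim($raw));
    return in_array($v, ['on', 'yes', 'true', 'stdout', 'stderr'], true)
        || (int) $v !== 0;
}

// Least-privileged place a directive can be changed, from its access bits.
function where_to_fix(int $access): string
{
    if ($access & INI_USER)   return 'ini_set() in the script';
    if ($access & INI_PERDIR) return '.htaccess or a <Directory> block';
    return 'php.ini or httpd.conf (server administrator only)';
}

function audit(array $recommended, array $all): array
{
    $report = [];
    foreach ($recommended as $name => $want) {
        if (!isset($all[$name])) {   // directive removed in this PHP version
            $report[$name] = 'not present in this PHP build';
            continue;
        }
        $have = ini_bool((string) $all[$name]['local_value']);
        $report[$name] = $have === $want
            ? 'ok' : 'MISMATCH, change via ' . where_to_fix($all[$name]['access']);
    }
    return $report;
}

foreach (audit($recommended, ini_get_all()) as $name => $status) {
    printf("%-22s %s\n", $name, $status);
}
```

Run it through the same SAPI that serves the application, since the CLI binary usually reads a different php.ini than the web server module.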
For further information:
A list of which php.ini settings can be overridden by the user is here.
Information on using Apache’s httpd.conf is here.
PHP.NET’s own recommended php.ini is here.
Contributors to this article include the following:
Mark Armendariz
Jon Baer
Jeff Barrett
Daniel Convissor
John Corry
John Lacey
Alan T. Miller
David Mintz
Brian Pang
Chris Shiflett
Felix Zaslavskiy
Hans Zaunere
Nasir Zubair
and the PHundamentals team: Jeff Siegel and Mike Southwell