Configuration Directives

This lesson cannot cover every configuration directive in php.ini in detailthere are simply too many. However, in the following sections you will learn how some of the most commonly used settings work. For a full reference, refer to www.php.net/manual/en/ini.php.

Configuring the PHP Environment

The following sections list some of the common configuration directives that affect the environment in which PHP runs. Each directive listed in the following sections is shown with its default entry from the php.ini file that is distributed with PHP 5, where the default is set.

PHP Tag Styles

These directives allow you to select which tag styles can be used in a PHP script:

• short_open_tag = On The short_open_tag directive enables or disables the use of the <? opening tag. If this setting is turned off, your scripts must use the full <?php tag.

  Because <? can have other meanings when embedded in a web page, you should try to avoid using short_open_tag, and in future releases of PHP, it may be disabled by default.

• asp_tags = Off The asp_tags style of PHP tag begins with <% and ends with %>. You must enable this style in php.ini if you want to use it.

System Resource Limits

The following directives allow you to manage the system resources available to a PHP script:

• max_execution_time = 30; The max_execution_time directive specifies the maximum total number of seconds that a script can run. After this time is exceeded, an error occurs, and script execution stops.

  Unless you have a specific need for a higher value in order to run slow scripts, you should not change this value. An accidental infinite loop in your script would eat up a lot of system resources, and max_execution_time is a safeguard against this kind of problem.

  If a web page takes 30 seconds or more to load, visitors will probably not wait for it to finish, unless they have requested some specific information that they understand may take some time to generate.

• memory_limit = 8M Each PHP script has a memory usage limit to make sure that the work it is doing does not get out of control and affect the system in a negative way. Most scripts use only a very small amount of memory; to find out just how much, you can call the memory_get_usage function.

  The M suffix indicates a value in megabytes; the K or G suffix could also be used, to indicate kilobytes or gigabytes, respectively. If you are absolutely sure you want to remove the memory limit completely, you can set memory_limit to 1.

Form Processing

You can use these directives to change the way PHP interacts with web forms:

• magic_quotes The magic_quotes settings instruct PHP to automatically delimit quotes so that they are safe to use as string values. These are the defaults:

   magic_quotes_gpc = On magic_quotes_runtime = Off magic_quotes_sybase = Off 

  
  

  The magic_quotes_gpc setting applies to data posted from a form and data from cookie values. (gpc stands for GET, POST, and COOKIE data.) The magic_quotes_runtime directive tells PHP to delimit quotes in data generated by the script, such as from a database query or host command.

  Usually, quotes are delimited with a backslash character, but some databases, notably Sybase, use another quote character. When the magic_quotes_sybase setting is enabled, delimited quotes appear as '' instead of \'.

• register_globals = Off The register_globals setting has been disabled in PHP by default since version 4.2. When it is enabled, this option causes PHP to create global variables that contain the same information as the super-globals $_ENV, $_GET, $_POST, $_COOKIE, and $_SERVER. The variable names correspond to the key names in each of the super-global arrays.

• variables_order = "EGPCS" The variables_order directive determines the order in which global variables are registered from the super-globals. With register_globals enabled and the default ordering, a cookie named email is registered more recently than a posted form value with the same name, so $email in the script contains the cookie's value.

  Because register_globals creates values that are not distinguished by their source, it is strongly recommended that you use the super-global arrays; when you do so, you can be confident that $_POST["email"] was a form-submitted value, but $email could have come from one of several sources.

• register_long_arrays = On Older PHP versions use arrays named $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_SERVER_VARS, and so on instead of the newer super-global arrays. The register_long_arrays directive determines whether arrays with these names are created. This feature remains enabled by default for backward compatibility.

Include Files

You can use the include_path directive to give a list of locations in which to search for a file referenced in an include or require statement. The locations are separated by colons on Linux/Unix systems and by semicolons on Windows systems.

Often you need to ensure that include files are kept in a directory that is not directly accessible by a web server. The following example defines an include path that contains a directory parallel to the web root of /home/chris/public_html:

 php_value include_path .:/home/chris/include 

The period character (.) is used to indicate the current working directory, and in this example, it is given higher priority than the defined include directory. In this case, if an include statement finds a matching file in both locations, the one in the working directory will be used. This type of configuration allows you to use shared library files across your server but override them for some scripts when necessary.

The auto_prepend_file and auto_append_file directives allow you to specify files that are automatically added at the start and end of each PHP script. The filename given is found in include_path, or a full path to the file can be given.

A common use for auto_prepend_file is to automatically include part of the HTML layout before the output from your script so that all your pages look the same. Because auto_prepend_file is a PHP feature, only files parsed by PHP have the file prepended; static HTML pages do not.

HTTP Headers After any output has been sent to the browser, you cannot use the header function to send HTTP headers or use any other PHP functions that require headers to be sent, such as session control functions or cookies. Therefore, any script included by auto_prepend_file must produce no output if you want to send custom HTTP headers.

Error Logging

As you learned in Lesson 22, "Error Handling," PHP allows you to configure the strictness of error reporting and the means by which it is reported.

The value of the error_reporting directive is a bitmask comprised of the values found in Table 22.1 in Lesson 22. You can use logical operators to combine values as follows:

 error_reporting  =  E_ALL & ~E_NOTICE & ~E_STRICT 

The display_errors and log_errors directives determine whether an error is written to the screen display and web server log file, respectively.

The default settings are as follows, with errors displayed to screen and not written to a file:

 display_errors = On log_errors = Off 

You can use the error_log directive to specify an alternate filename, as in the following example:

 error_log = /tmp/php_log 

Configuring PHP Extensions

Some PHP extensions have their own directives that can be configured in php.ini to adjust the behavior of that extension.

For clarity in the configuration file, section headings are used to separate extension-specific settings. For instance, all the settings that affect the MySQL extension are found in a section of php.ini that begins [MySQL]. Each directive name also has a prefix that indicates the extension to which it belongs (for example, mysql.connect_timeout or session.cookie_path).

You can find documentation for extension-specific configuration directives in the online manual pages for each extension.

Configuring System Security

Some of the directives in php.ini that are not covered in this lessonmost notably the safe_mode directive and its related settingsconcern server security. These configuration options allow you to restrict certain types of functionality on the web server, and you will learn about them in Lesson 24, "PHP Security."