The many possible settings for PHP in php.ini have been mentioned throughout this book; this section now lists those settings to which we will pay special attention when running our web applications. For some, we will provide values to be used on developer or testing machines and values for deployment to production servers. These are broken down into rough groupings to keep this section manageable; recommended settings for sessions have previously been covered, in the section "Configuration."
Various chapters in this book have casually mentioned some common settings for PHP. This list confirms those settings:
register_globals We will always leave this Off and use the newer methods of getting input data.
register_long_arrays We will always leave this Off and use the new methods of dealing with global input data.
magic_quotes_gpc This is a feature not covered much in this book. PHP will, unless we turn this Off, automatically escape all quotes in GET, POST, and COOKIE input data. Because we have made a point throughout this book to be extra careful with the data, we do not need this feature in PHP and turn it Off.
include_path We will make sure this includes the core directories we want included. On Windows, this will be something like C:\PHP\includes;D:\WebApplications\Includes; on Unix-like systems, this will be /usr/local/lib/php:/home/httpd/webapps/includes.
safe_mode For most of our web applications, we are not going to be in a virtual server situation and will leave this value Off. If you are hosting your web application in some facility that shares the web server with many clients, you should confirm that they have safe mode enabled and that you are protected as best as possible.
file_uploads We will turn this Off until we write a web application that explicitly needs it, in which case we will turn it On. Then we would also want to set the value of upload_max_filesize to reflect our needs.
max_execution_time We will leave this at the default value of 30 seconds. Any web application page that takes longer than this is probably not designed as well as we would like, and we should reconsider how we do this.
max_input_time We will leave this at the default value of 60 seconds, although if we were to develop a web application to which people were uploading large files, we would want to change this.
memory_limit We will leave this at the default 8MB ("8M") because it gives us plenty of space to work.
Multiple-Byte String Settings
As mentioned in Chapter 6, "Strings and Characters of the World," we will use the following settings for multiple-byte string support:
mbstring.language We will set "Neutral" to indicate that we do not prefer one language over another.
mbstring.internal_encoding We will set this to UTF-8 to have PHP use Unicode as much as possible.
mbstring.encoding_translation We will set this to On to have PHP convert input data into UTF-8 for us.
mbstring.http_input We will have this be UTF-8 so that all incoming data is in Unicode.
mbstring.http_output We will also have this be UTF-8 so that we default to generating Unicode strings.
mbstring.func_overload We will set this to 7 to indicate that we want to use all possible mbstring functions. Note that this means we must use mb_strlen($buf, '8bit') to be able to get the size of binary buffers.
We will use the following error settings in php.ini:
display_errors We will use the value On for development and debugging and Off for deployment and production servers.
log_errors We will have this value Off for debug and development builds and On for deployment builds.
error_log This is where the log_errors facility writes messages as it sees them. We will not use the syslog value because the entries that PHP writes will be in a very different format from what the web server writes to the same logs. We will instead use some file that we specify.
error_reporting As mentioned previously, we will use E_ALL | E_STRICT to get the most rigorous error reporting possible.
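A server can drift from these values without anyone noticing, so it helps to check the running configuration rather than trust the file. The script below is an added example, not code from the book: it compares the live settings with the production values given above. The names audit_ini and $production are hypothetical.

```php
<?php
// Production values recommended in the text above.
$production = [
    'register_globals'     => false,
    'register_long_arrays' => false,
    'magic_quotes_gpc'     => false,
    'file_uploads'         => false, // until an application needs uploads
    'display_errors'       => false,
    'log_errors'           => true,
    'max_execution_time'   => 30,
    'max_input_time'       => 60,
];

// $get is any callable that behaves like ini_get(): a string on success,
// false when the running PHP build does not know the setting.
function audit_ini(array $expected, callable $get): array
{
    $findings = [];
    foreach ($expected as $name => $want) {
        $raw = $get($name);
        if ($raw === false) {
            $findings[] = "$name: not known to this PHP build";
            continue;
        }
        // Booleans come back as "1", "", "On", "Off", ...; anything else
        // (for example display_errors = stderr) becomes null and is reported.
        $have = is_bool($want)
            ? filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)
            : (int) $raw;
        if ($have !== $want) {
            $findings[] = sprintf('%s: expected %s, found "%s"',
                $name, var_export($want, true), $raw);
        }
    }
    // error_log must name a file; the text rules out the syslog value.
    $log = $get('error_log');
    if ($log === false || $log === '' || strtolower($log) === 'syslog') {
        $findings[] = 'error_log: should name a log file';
    }
    return $findings;
}

foreach (audit_ini($production, 'ini_get') as $line) {
    echo $line, PHP_EOL;
}
```

Run it through the web server rather than from the command line, because the command-line configuration can differ from the one the web application sees.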
We are lucky that the mysqli extension comes configured to communicate with the MySQL server as we would like, "out of the box." However, if we are using other database servers, then there are some options we might wish to configure. The most common values are for persistent connections, and are all similar to the values shown here for PostgreSQL:
pgsql.allow_persistent We will use the persistent connections feature in the other database servers, so we should check that this is set to On.
pgsql.max_persistent This controls the number of persistent connections that will be allowed. A value of -1 indicates that PHP can create as many of these as the database server will accept. We will use this value and make sure our database server is configured to limit the number of connections to some reasonable number.