The data handling section of the php.ini file controls how (surprisingly) data is handled by PHP. This includes incoming data from the user and data generated by PHP.
;arg_separator.output = "&"
This variable is used by PHP, when it generates URLs, to separate the querystring variables. The default, "&", is correct, and should never really need to be changed.
Values: Quoted String. Default: "&".
;arg_separator.input = ";&"
This directive is the opposite of the above. It tells PHP how to handle incoming URLs, and what separates the variables sent in that URL. As above, it is best not to change this as this is correct for the vast majority of circumstances and websites.
Values: Quoted selection of separators. Default: ";&".
variables_order = "EGPCS"
When PHP received variables, it can receive two variables with the same name through different methods. It is important that PHP knows which method should take preference, and that is what this directive is there for. GET (G), POST (P), Cookie (C), Environment (E) and Built-in (S) variables are all controlled through this directive. I would recommend that unless you have a very specific reason for changing this, you leave it as it is. However, if you wanted GET variables to always take precedence over POST variables of the same name, and so on, this is the setting to change.
Values: G, P, C, E and S, in any order. Default: "EGPCS".
register_globals = Off
This directive is single-handedly responsible for more security breaches in PHP applications that any other. It should always, without fail, be Off. There is no reason for it to be turned On. If an application demands that it be turned On, find a better application. (In some versions of PHP this may be "On" by default).
Values: On, Off (default)
register_argc_argv = On
If you need to use $argc and $argv, you'll be wanting to leave this On. If set to Off, $argv and $argc will not be declared and will be useless. If you don't know what $argc and $argv are, then it is recommended that you turn this directive Off to increase performance.
Values: On (default), Off
post_max_size = 8M
A simple directive, this tells PHP the maximum size of POST data it should accept is. This can apply to file uploads but also to text uploads. If a user has filled a textarea with millions of lines of code, they could pass this limit. Only change this if you need to for a specific purpose, and generally speaking it is best to change this on a per-script basis.
Values: File size. Default: 8M
gpc_order = "GPC"
This directive has been deprecated and should not be changed. It is intended to control the order in which GET, POST and COOKIE variables are read, so that, in the order above (GET then POST then COOKIE), POST variables would overwrite GET variables of the same name. This directive has been superseded by variables_order.
Values: G, P and C, in any order. Default: "GPC".
magic_quotes_gpc = On
Magic quotes are a nice idea, but in practice there is potential for them to go wrong and cause problems. This directive, when set to On, will track incoming variables and add slashes before special characters. The idea is to make SQL injection attacks harder or impossible. However, in practice this can make for sloppy coding style, and should a site be moved to a new host (or configuration changed), there is a high risk of SQL Injection becoming a major problem. Always set this off, and learn to love the "mysql_real_escape_string" function.
Values: On (default), Off
magic_quotes_runtime = Off
Data from the user is dangerous, but data from a database can also cause issues. If you select text from a database and use it in a new database query, any apostrophes or quotation marks in that data could easily cause a SQL error, and could be a security risk as well. If you have to use Magic Quotes, turn this on. Otherwise, and for the same reasons as above, keep this Off.
Values: On, Off (default)
magic_quotes_sybase = Off
Different databases use different techniques to escape special characters. MySQL uses a slash (\), however for some databases, including SQL Server, the method of escaping is different. "\'" is MySQL equates to "''" in SQL Server. This directive, if set to On, instructs PHP to use the second style of escaping in Magic Quotes.
Values: On, Off (default)
auto_prepend_file =
auto_append_file =
A very useful pair of directives (that can usually also be controlled from within .htaccess), these two allow you to tell PHP to automatically include a file at the beginning or end of every script run on the server. If you wanted to add a tracking script to your site, for example, you could do so here without needing to modify every file.
Values: Both directives take a file path as values. Blank by default.
default_mimetype = "text/html"
;default_charset = "iso-8859-1"
These values control the way PHP identified its output. The first, "default_mimetype" is sent with pages and tells browsers that the page being returned is an HTML page. The second, "default_charset", identifies the character set used on the page. You could change these if using other mime types or character sets, but it often makes life easier to do this within the PHP code itself, using the "header()" function.
Values:
default_mimetype: "text/html". Can be set to any mime type.
default_charset: "iso-8859-1" (standard English character set). Can be changed to any character set.
;always_populate_raw_post_data = On
This directive, when set to on, allows you to access all the data sent through POST with the $_GLOBALS['HTTP_RAW_POST_DATA'] variable. Usually, this is used when XML is sent through a form to a site.
Values: On (default), Off
Tags
Syndication
If you like this post, subscribe to my full feed or partial feed.
ILoveJackDaniels.com is the online playground of