The language options section of the php.ini file controls the most important settings within PHP, for example security and code style settings.
engine = On
This one is pretty simple. Either you want PHP on, or you don't. If you change this, PHP will not work.
Values: On (default), Off
short_open_tag = On
PHP code is normally written between the "<?php" and "?>" tags. However, if you set this to "On", then you will be able to use the shorter version of the opening tag, simply "<?". Enabling this option also allows you to use "<?=", which is a shorter version of "<?php echo".
I normally have this set to on, unless portability is a major concern of the project I am working on. If it is, it makes sense to leave this off, as other servers will not always have the same settings.
Values: On (default), Off
asp_tags = Off
This options allows you to use ASP tags, "<%" and "%>" instead of the usual PHP tags. It also allows you to use "<%=" which, as above, would be a shorter version of "<?php echo".
Values: On, Off (default)
« Back to php.ini Guide Introduction
« Back to php.ini Guide Introduction
precision = 14
This directive allows you to set the precision of floating point numbers (aka decimals). A setting of "2", for example, means that 1.234 would be displayed as 1.2. 1.294 would be converted to 1.3. The number given controls the number of significant digits displayed in any floating point number.
Values: Integer. Default: 14.
y2k_compliance = On
The y2k_compliance directive instructs PHP to use 4-digit years. This setting can apparently cause problems with some browsers (Navigator 3, and possibly others - any that can't understand 4-digit years) when set to On. However, not having it On will possibly cause problems with modern browsers, which can have problems with 2-digit years. I leave this on.
Values: On (default), Off
output_buffering = Off
This directive allows you to set all files to use output buffering by default. This means that rather than a page being sent to the user as it is created, it is stored until either the current script ends or PHP is instructed to send the page. This allows you to run functions on the product of a script after it has run.
You can use output buffering regardless of this setting by using the output buffering functions within PHP.
Values: On, Off (default), Integer (an integer will be treated as the maximum number of bytes allowed in the buffer).
;output_handler =
(note - commented out by default)This directive is only useful if "output_buffering" is not set to Off. This allows you to set a function to run on the contents of the output buffer before they are sent to the user, eg for the purposes of enabling gzip page compression (output_handler = "ob_gzhandler").
Values: "function_name"
zlib.output_compression = Off
This directive, when set to on, will instruct PHP to compress pages using gzip before sending them to the user. This is only done if the user agent requesting the page can receive the compressed content - otherwise the server sends normal, uncompressed data. If you want to set this to On, then the output_handler directive (above) cannot also be used. I often set this to On - it does no harm and can save on bandwidth.
Values: On, Off (default)
;zlib.output_handler =
(note - commented out by default)This directive is only usable if "zlib.output_compression" (above) is set to Off. Essentially it does the same thing as the "output_handler" directive (above), but in a different order.
Values: "function_name"
implicit_flush = Off
implicit_flush is only useful if you have output_buffering on. It tells the server to empty the buffer and send any output to the user straight away when content is created. Turning this on will hamper performance in a big way, so is only ever recommended on a temporary basis for debugging purposes.
Values: On, Off (default)
unserialize_callback_func=
The unserialize_callback_func directive is one of the more advanced settings in the php.ini file, and the chances are very good that if you change this before you are familiar with serialization, you will cause massive problems on your own server. I'd leave this well alone!
Values: "function_name"
serialize_precision = 100
When you serialise something you will later want to reuse, serialize_precision will play a role. This specifies how many digits after the decimal in a floating point number you wish to include in the serialized version of the float.
Values: Integer. Default: 100.
allow_call_time_pass_reference = On
This PHP directive tells the engine how you would like it to treat variables passed to functions. Passing them by value, rather than reference, means that the variable is not changed within the function - only the value of the variable is used in the function, not the variable itself. I try to always turn this off. This setting is deprecated in the more recent versions of PHP - meaning that in the future, PHP will, by default, always act as though this were set to Off.
Values: On (default), Off
« Back to php.ini Guide Introduction
« Back to php.ini Guide Introduction
safe_mode = Off
safe_mode is a security feature, the most important effects of which are when dealing with files in PHP. When safe_mode is set to On, PHP will check that whoever is running a script has permission from the system to access and modify requested files as appropriate. This, however, prevents PHP scripts from reading remote files, which can cause problems with many scripts. It is better to have this set to On, but not always possible.
Values: On, Off (default)
safe_mode_gid = Off
This setting only applies if safe_mode (above) is set to On.
This setting allows you to slightly relax file permissions checks made by PHP when safe_mode is on. By default, PHP checks that the current user has permission to access the requested file (a UID check). If the above is set to On, a GID check is performed instead, which checks for groups permissions rather than individual user permissions. If you turn safe_mode On and have problems with file operations, try turning this On before turning safe_mode Off to see if it solves file access problems. Otherwise, leave this Off.
Values: On, Off (default)
safe_mode_include_dir =
This setting only applies if safe_mode (above) is set to On.
This setting allows you to specify a "safe" directory, when safe_mope is set to on. Files in that directory will not have a permissions check made on them before access is allowed. I usually leave this as it is.
Values: Full path to directory.
safe_mode_exec_dir =
This setting only applies if safe_mode (above) is set to On.
When safe_mode is On, this setting will allow you to specify a directory containing executable files that you wish to allow to be run. As with the above, I usually leave this alone unless I specifically need to be able to run an executable file on the server from PHP.
Values: Full path to directory.
safe_mode_allowed_env_vars = PHP_
This setting only applies if safe_mode (above) is set to On.
This setting allows you to specify which, if any, environmental variables may be edited from PHP when safe_mode is On. If empty, PHP will allow the user to modify any environmental variable. I highly recommend that you do not change this unless you know exactly what you are doing and understand the security implications of changing it.
Values: Comma separated list. Default is "PHP_".
safe_mode_protected_env_vars = LD_LIBRARY_PATH
This setting only applies if safe_mode (above) is set to On.
This setting is the exact opposite of the above, safe_mode_allowed_env_vars. This allows you to specify a list, comma separated, of environmental variables that PHP may not edit, regardless of whether safe_mode_allowed_env_vars has been set to allow it. As with above, this should never be changed except by someone who fully understands the potential repercussions of changing it.
Values: Comma separated list. Default is "LD_LIBRARY_PATH".
« Back to php.ini Guide Introduction
« Back to php.ini Guide Introduction
;open_basedir =
The open_basedir setting allowed you to specify a directory for file operations. Any file operations run in PHP must be run within this directory and below. Usually, I will set this to a specific directory set outside the web root and containing no valuable or important files.
Values: Full path to directory.
disable_functions =
disable_functions allows you to specify a list (comma separated) of PHP functions that will not be allowed to run. This is quite a useful security setting, especially on a shared server. Commonly disabled functions include ini_set, exec, fopen, popen, passthru, readfile, file and system.
Values: Comma-separated list of function names. Blank by default.
disable_classes =
disable_classes allows you to specify a list (comma separated) of PHP classes that will be disabled. This is a relatively new feature, and in PHP4 is not terribly useful as there are few predefined classes in PHP4. Check out the PHP manual's Predefined Classes section for more information about which classes are built in to each version of PHP.
Values: Comma-separated list of class names. Blank by default.
;highlight.string = #DD0000
;highlight.comment = #FF9900
;highlight.keyword = #007700
;highlight.bg = #FFFFFF
;highlight.default = #0000BB
;highlight.html = #000000
These settings are grouped here because they are all related. PHP has the ability to highlight its own syntax, and these settings control how various parts of the code are coloured. Feel free to play with this at your leisure, if using PHP's built-in syntax highlighting, until you find a scheme that suits you.
Values: Defaults as above. Any HTML-style hexadecimal colour is allowed (and must include preceding hash symbol, #).
expose_php = On
expose_php is a setting that tells PHP whether to let a user agent (eg a browser) know that PHP is installed on a server. Though it will not really benefit security to set this to off, I usually do. I see no reason to tell anyone what software a server is running.
Values: On (default), Off
« Back to php.ini Guide Introduction
Tags
Sorry, but no tags found yet.
Syndication
If you like this post, subscribe to my full feed or partial feed.
ILoveJackDaniels.com is the online playground of