
What is a php.ini file and listing of developer’s most used directives in php.ini.



The configuration file (php.ini) is read when PHP starts up. For the server module versions of PHP, this happens only once when the web server is started. The php.ini file is where you declare changes to your PHP settings. You can use the default settings for the server, change specific settings by editing the existing php.ini, or create a new text file and name it php.ini.

The syntax of the file is extremely simple. Whitespace and lines beginning with a semicolon are silently ignored (as you probably guessed). Section headers (e.g. [Foo]) are also silently ignored. Booleans can be represented by 1/0, Yes/No, On/Off, or True/False. The default values in php.ini-dist will result in a reasonable PHP installation that can be tweaked later.

You can use the ‘ini_set (string $varname , string $newvalue)’ function to set the value of a configuration option. The option keeps this new value during the script’s execution and is restored when the script ends.

ini_set (string $varname , string $newvalue); // $varname is the name of the directive, $newvalue is the new value for the option

The PHP.ini file is a file that contains parameters for how PHP works and uses the machine. You can set various options like :

  1. date.timezone :

    It defines the default timezone used by the date functions. For example :

    date.timezone = "US/Central"
  2. expose_php :

    It decides whether PHP may expose the fact that it is installed on the server (e.g. by adding its signature to the Web server header). It is no security threat in any way, but it makes it possible to determine whether you use PHP on your server or not. For Example :

    expose_php = On
  3. display_errors :

    This directive controls whether or not and where PHP will output errors, notices and warnings too. Error output is very useful during development, but it could be very dangerous in production environments. Depending on the code which is triggering the error, sensitive information could potentially leak out of your application such as database usernames and passwords or worse.

    Possible Values:
    Off = Do not display any errors
    stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
    On or stdout = Display errors to STDOUT

    display_errors = On
  4. log_errors :

    Besides displaying errors, PHP can also log errors to locations such as a server-specific log, STDERR, or a location specified by the error_log directive. For example :

    log_errors = On
  5. allow_url_fopen :

    This directive is used to disallow injecting nasty stuff from URLs. The allow_url_fopen directive is disabled by default. You should be aware of the security implications of enabling the allow_url_fopen directive. PHP scripts that can access remote files are potentially vulnerable to arbitrary code injection.

    allow_url_fopen = on
  6. allow_url_include :

    If disabled, allow_url_include restricts remote file access via the include and require statements, but leaves it available for other file functions like fopen() and file_get_contents(). include and require are the most common attack points for code injection attempts, so this setting plugs that particular hole without affecting the remote file access capabilities of the standard file functions.

  7. memory_limit :

    This sets the maximum amount of memory in bytes that a script is allowed to allocate. This helps prevent poorly written scripts from eating up all available memory on a server. Note that to have no memory limit, set this directive to -1.

    Default value of this directive is ‘128M’.

    memory_limit = 512M
  8. max_input_time :

    This sets the maximum time in seconds a script is allowed to parse input data, like POST and GET. It’s a good idea to limit this time on production servers in order to eliminate unexpectedly long-running scripts.

    Default value of this directive is ‘-1’ (unlimited).

    max_input_time = 60
  9. disable_functions :

    This directive allows you to disable certain functions for security reasons. It receives a comma-delimited list of function names.

    Only internal functions can be disabled using this directive. User-defined functions are unaffected.

    disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
  10. upload_max_filesize :

    This directive is used to set the maximum allowed size for uploaded files.

    Default value of this directive is ‘2M’.

    upload_max_filesize = 5M
  11. max_file_uploads :

    The maximum number of files that can be uploaded via a single request.

    Default value of this directive is ‘20’.

    max_file_uploads = 20
  12. post_max_size :

    Sets the maximum size of POST data allowed. This setting also affects file upload. To upload large files, this value must be larger than upload_max_filesize.

    Default value of this directive is ‘8M’.

    post_max_size = 10M
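
The syntax rules and directives above can be checked mechanically before a php.ini is deployed. The following is an added example, not part of the original post: a small Python audit that parses a php.ini the way the post describes and flags the directives it calls out as risky or inconsistent. The sample file and the names parse_ini, to_bytes and audit are constructed for illustration; missing size directives fall back to the defaults the post states.

```python
import re

# Constructed sample php.ini for this example (not from the original post).
SAMPLE_INI = """\
; production candidate
[PHP]
expose_php = On
display_errors = stdout
log_errors = Off
allow_url_include = 1
memory_limit = -1
upload_max_filesize = 20M
post_max_size = 8M
"""
ON = {"1", "yes", "on", "true"}  # boolean spellings the post lists
UNITS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3}

def parse_ini(text):
    """Return {directive: lower-cased value}; skips ';' comments and [Section] headers."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        name, sep, value = line.partition("=")
        if sep and line[0] not in ";[":
            settings[name.strip()] = value.strip().strip('"').lower()
    return settings

def to_bytes(value):
    """Convert PHP shorthand sizes (K/M/G suffix) to bytes; -1 stays -1."""
    m = re.fullmatch(r"(-?\d+)\s*([kmg]?)", value)
    if m is None:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2).upper()]

def audit(settings):
    """Return directives whose values deserve review before production use."""
    get, flagged = settings.get, []
    if get("display_errors") in ON | {"stdout"}:
        flagged.append("display_errors")      # errors are shown to clients
    if get("log_errors", "on") not in ON:
        flagged.append("log_errors")          # errors are not recorded
    for name in ("expose_php", "allow_url_fopen", "allow_url_include"):
        if get(name) in ON:
            flagged.append(name)              # disclosure / remote file access
    if to_bytes(get("memory_limit", "128m")) == -1:
        flagged.append("memory_limit")        # -1 removes the limit
    post = to_bytes(get("post_max_size", "8m"))
    if 0 < post <= to_bytes(get("upload_max_filesize", "2m")):  # 0 = no POST limit
        flagged.append("post_max_size")       # must exceed upload_max_filesize
    return flagged
```

Calling audit(parse_ini(SAMPLE_INI)) returns the list of flagged directive names; an empty list means none of these checks fired.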

What are your favorite directives, or any other info regarding the php.ini file? Let me know through your comments.