Wednesday, November 30, 2011

Use of various settings in the php.ini file

What is php.ini in PHP?
php.ini is a configuration file that is used to customize various settings in PHP. It is the easy way to customize the behavior of PHP. When the PHP server starts, it looks for the php.ini file and loads settings such as maximum file upload size, error logs, short open tags, global variables, maximum execution time, etc.

If you want to do some custom configuration in PHP, you do it through the php.ini file. For example, in the Vertrigo server the default maximum upload size is 2M; to change it to 80M, set the following in php.ini:
upload_max_filesize = 80M

Some errors you may see if settings are not customized in the php.ini file

1. Short Open Tag:
    Setting inside the php.ini file: short_open_tag = On
    Even if short open tag is off, the code below will still run:
        <?php echo "short open tag is off"; ?>
        Output: short open tag is off
    but the code below will be printed as-is:

        <? echo "short open tag is off"; ?>
        Output: <? echo "short open tag is off"; ?>

    because PHP does not recognise this open tag as a PHP tag, so it is treated as HTML content and the source is sent to the browser unexecuted.

To use <?xml ?> inline, short open tag must be turned off.

2. Register Global Variables:
It is recommended that register_globals always be off in the php.ini settings, because it injects all sorts of variables into your scripts, such as request variables from HTML forms.
So for security reasons, register_globals must always be off.


Misuse of register_globals = On:

<?php
// $_SESSION is only populated once the session has been started.
session_start();

if (isset($_SESSION['user'])) {
    echo "Hello <b>{$_SESSION['user']}</b>";
} else {
    echo "Hello <b>Guest</b><br />";
    echo "Would you like to login?";
}
?>


When register_globals = On, we could also use $user in the example above, but you must realize that $user could also come from other sources, such as GET (through the URL).
Suppose you set
$user = $_SESSION['user'];
If register_globals is off, this variable cannot be used globally. But it is not secure either to carry the session value in a plain variable, because this $user can be set by the user through other methods such as GET, POST, etc.
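
The point above, as an added example that is not part of the original post. register_globals was removed in PHP 5.4, so this sketch emulates it with extract() on constructed input; the function names and the sample arrays are assumptions made for illustration.

```php
<?php
// Added example. Function names and sample data are hypothetical.

/** Vulnerable pattern: request parameters become plain variables. */
function greeting_with_injected_globals(array $session, array $get): string
{
    // Emulates register_globals = On: request values are registered first,
    // session values afterwards, all as ordinary variables in this scope.
    extract($get);
    extract($session);

    // $user was never initialized here, so with no session value present
    // it holds whatever the query string supplied.
    if (isset($user)) {
        return 'Hello ' . htmlspecialchars((string) $user, ENT_QUOTES, 'UTF-8');
    }
    return 'Hello Guest';
}

/** Hardened pattern: identity is read only from the session data. */
function greeting_from_session(array $session, array $get): string
{
    $user = null; // always initialize before use
    if (isset($session['user']) && is_string($session['user'])) {
        $user = $session['user']; // the only trusted source; $get is ignored
    }
    if ($user !== null) {
        return 'Hello ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
    }
    return 'Hello Guest';
}

// Constructed input: nobody is logged in, but the URL carries ?user=admin.
$session = [];
$get     = ['user' => 'admin'];

echo 'injected globals: ', greeting_with_injected_globals($session, $get), PHP_EOL;
echo 'session only:     ', greeting_from_session($session, $get), PHP_EOL;

// Constructed input: a logged-in session; the query string makes no difference.
$session = ['user' => 'alice'];
echo 'session only:     ', greeting_from_session($session, $get), PHP_EOL;
```

Calling extract() on request data in current PHP recreates the same problem, so the hardened function is the pattern to keep even where register_globals no longer exists.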

If register_globals may be on, add the script below to the beginning of every file (or to a function.inc.php file that you include) and run it every time before you start working with user variables. It unsets every injected global except the superglobals, which prevents problems with wrongly initialized variables or users who try to break your application.
<?php
if (ini_get('register_globals')) {
    // Remove every variable that register_globals injected into the global
    // scope, keeping only the superglobals and the two loop variables.
    foreach ($GLOBALS as $int_temp_name => $int_temp_value) {
        if (!in_array($int_temp_name, array(
                'GLOBALS',
                '_FILES',
                '_REQUEST',
                '_COOKIE',
                '_SERVER',
                '_ENV',
                '_SESSION',
                ini_get('session.name'),
                'int_temp_name',
                'int_temp_value'
            ))) {
            unset($GLOBALS[$int_temp_name]);
        }
    }
}
?>

3. Maximum Execution Time: This sets the maximum time, in seconds, that a script is allowed to run before it is terminated by the parser. When the limit is exceeded, PHP reports:
Fatal error: Maximum execution time of 30 seconds exceeded in ......
If the site is not running in safe mode, you can change the maximum execution time using the function below:
set_time_limit()
Otherwise, set it in the php.ini file as below:
max_execution_time = 600




