Using a php.ini File at the UW
IT Connect > Web > Publishing > PHP > Php.ini File
- On This Page
- How a php.ini File is Read
- Creating Your Own php.ini File
- Overview of Select PHP Settings
- Resources
This page shows you how to customize a PHP configuration file called php.ini to control some of the settings of the PHP interpreter. A php.ini file enables you to customize such settings as whether global variables are turned on, the default directory to upload files to when writing upload scripts, and the maximum allowed size for uploaded files.
Note: Care should always be taken when using custom configuration settings.
How a php.ini File is Read
When the PHP interpreter starts up, it behaves according to settings specified in any available php.ini file. The Web server will look for this file in the following locations and in the following order:
- The directory from which the PHP script was called
- The root of your Web directory (typically public_html)
- The Web server's default php.ini
The Web server's PHP configuration file will always be used if you don't have your own. You can find the Web server's current php.ini file in /usr/local/lib/php/php.ini-dist on vergil or ovid; this file is not available on dante or homer. Inspecting the settings in this file may be helpful if you are troubleshooting a problem with your configuration.
Creating Your Own php.ini File
A php.ini file that you write must overwrite every setting in the UW's global php.ini file to achieve full functionality (see note below). Thus you must obtain a copy of the entire recommended php.ini template(see the previous paragraph), rename it to php.ini, and then adjust the settings of the file to the values you desire. When you're done, you can put the file in your root Web directory to apply custom configuration settings to all your PHP scripts, or you can put it in a subdirectory to apply custom configuration settings to a subset of PHP scripts.
If you want to copy our default php.ini file to your web directory, you can run the following command from vergil or ovid :
cp /usr/local/lib/php/php.ini-dist ~/public_html/php.ini
Note: you cannot use your configuration file to extend the Web server's PHP settings. Only settings in your own php.ini will be used if you have one. If you set only a few settings, all other settings will use the hard-coded values in the PHP interpreter.
Overview of Select PHP Settings
- Overviewed Settings
- register_globals
- upload_tmp_dir
- session.save_path
- display_errors and display_startup_errors
- log_errors and error_log
Once you have downloaded the recommended php.ini template, you can search for the following variables and change their values accordingly.
-
register_globals
New to PHP 4.1.0, the register_globals setting controls how you access form, server, and environment variables. By default this variable is set to Off, requiring you to use special arrays to access these variables. Those familiar with older versions of PHP will be used to an environment in which the register_globals variable is effectively On; with this setting, you can access form, server and environment variables simply by name.
Note: This change occurred in PHP 4.1.0 because when register_globals is set to On, PHP scripts are more vulnerable to attacks. Some older PHP applications will require this setting to be on, but it is safer to write new scripts with the assumption that register_globals will be set to Off.
To retrieve the value of <input name="formVariable"> from a form submitted with the POST method, use the following syntax:
PHP code when register_globals = On
$myNewVariable = $formVariable;
PHP code when register_globals = Off
$myNewVariable = $_POST['formVariable'];
For more information about this topic, please see the Security: New Input Mechanism heading of the PHP 4.1.0 Release Announcement.
-
upload_tmp_dir
This setting controls the temporary location of files uploaded with an HTML form. If you don't specify a path for this setting, uploaded files will be temporarily stored in a world-readable location on the server. To protect ease of manipulation and the confidentiality of such files, you should create a directory in your account and specify the new path in your php.ini file:
upload_tmp_dir = /hwxx/daxx/uwnetid/tmp
Replace /hwxx/daxx/uwnetid with the path to your Web directory. Make sure that you have a directory called tmp in the root of your Web directory (typically public_html) and make sure it is read and writable by you only.
-
session.save_path
This setting controls the location of server-side session cookies when your script uses PHP's session management functions. The Web servers now set this variable to a directory called php_tmp in your public_html folder. You cannot change this variable by setting it in your php.ini file.
-
display_errors and display_startup_errors
These two settings control whether PHP should display errors in the browser or be silent. It is recommended that you turn these two settings Off during production so that you don't accidentally display sensitive information about your Web site. This is especially true for dynamic Web sites that send usernames and passwords to access a database. In your php.ini file, this configuration will look like:
display_errors = Off
display_startup_errors = Off -
log_errors and error_log
These two settings control how PHP logs errors for later review. It is helpful to use these two settings if you have turned Off display_errors and display_startup_errors. In your php.ini file, this configuration will look like:
log_errors = On
error_log = /hwxx/daxx/uwnetid/phperrors.logReplace /hwxx/daxx/uwnetid with the path to your Web directory. Make sure that you have a file called phperrors.log in the root of your Web directory (typically public_html) and make sure it is read and writable by you.
Resources
For more information about php.ini files, see the following links:
