Wednesday, January 8, 2020

Where is php.ini? The PHP Configuration File

Where is php.ini? The PHP Configuration File

In this tutorial, we’re going to discuss php.ini—the main configuration file in PHP. From the beginner’s perspective, we’ll discuss what it’s meant for, where to locate it and a couple  of important configuration settings it provides.

What is php.ini?

Whether you’re a beginner in PHP or a seasoned PHP developer, I’m sure that you’ve heard of php.ini: the most important PHP configuration file. 

When PHP is run, it looks for the php.ini file in some specific locations and loads it. This file allows you to configure a few important settings that you should be aware of. Quite often, you’ll find you need to tweak settings in the php.ini file.

On the other hand, it’s certainly possible that you've never had a need to modify php.ini. PHP can run happily with the settings provided in the default php.ini file, since PHP ships with these default recommended settings. In fact, there are no critical configuration parameters that you must set in order to run PHP. 

However, the php.ini file provides a couple of important settings that you want to make yourself familiar with. In fact, as a PHP developer, it’s inevitable and you’ll encounter it sooner than later.

Where is php.ini?

In this section, we’ll see how to find the php.ini file which is loaded when you run the PHP script. This can be tricky—the location of the php.ini file vastly varies by the environment you’re running PHP with. If you’re running the Windows, you'll likely find the php.ini file within the directory of your PHP installation in the system drive. On the other hand, if you’re running another operating system, then it’s difficult to guess the exact location of the php.ini file—there are several possibilities.

This is where the phpinfo() function comes to the rescue. It will tell you where php.ini is located and it will also output all the important PHP configuration information. 

You can run phpinfo() by creating a .php file and calling that function. Go ahead and create the phpinfo.php file with the following contents and place it in your document root:

Load this file in your browser and you should see the output of phpinfo(). Look for the following section.

Location

As you can see, there are two sections. The first one, Configuration File (php.ini) Path, indicates the default path of the php.ini file in your system. And the second one, Loaded Configuration File, is the path from where the php.ini file is being loaded when PHP is run.

So you can edit the php.ini file indicated in the Loaded Configuration File section, and that should work in most cases. Of course, if you’re running PHP as an Apache module, you need to restart the Apache server to make sure that the changes you’ve made in the php.ini file are reflected.

On the other hand, if you’re using software like WAMP or XAMPP to run your web development stack, it’s even easier to modify the php.ini file—you can directly access it via the WAMP or XAMPP UI.

In the next section, we’ll explore a couple of important settings in the php.ini file.

Important Settings in php.ini

The php.ini file provides a lot of configuration directives that allow you to modify various behaviors of PHP. In fact, when you open the php.ini file, you may get overwhelmed by the number of directives it provides. I'll try to group them based on their behavior, and I hope it’ll be easy for you to understand.

Of course, we won’t go through each and every directive, but I’ll try to cover the most important ones. Let’s have a look at the list of categories of directives that we’re going to discuss.

  • error handling directives
  • file upload directives
  • security related directives
  • session directives
  • miscellaneous directives

Error Handling Directives

In this section, we’ll go through directives that are related to error handling and useful for debugging during development.

display_errors

The display_errors directive allows you to control displaying errors to the screen during script execution. You can set it to On if you want to enable displaying errors to the screen and Off in case you want to disable it. It’s important that you don’t ever enable this on a production site—it will slow your site down and could give hackers valuable clues to your site's security vulnerabilities.

error_reporting

This directive allows you to set the error reporting level. Mostly, this directive works in conjunction with the display_errors directive. This directive can accept E_ALL, E_NOTICE, E_STRICT and E_DEPRECATED constants.

You can set it to E_ALL if you want to display all types of errors like fatal errors, warnings, deprecated functions etc. You can also combine the different values if you want to filter out specific errors. For example, if you want to display all errors but notices, you can set it to E_ALL & ~E_NOTICE.

error_log

On a production website, you need to make sure that PHP it doesn’t display any errors to the client browser. Instead you can log errors somewhere so that later on you can refer to them in case something goes wrong with your site. The error_log directive allows you to set the name of the file where errors will be logged. You need to make sure that this file is writable by the web server user.

File Upload Directives

In this section, we’ll see a couple of important directives that allow you to enable file uploading capabilities in your PHP forms.

file_uploads

This is a boolean directive which allows you to enable HTTP file uploads. If you set it to On, you can use the file field in your forms and users will be able to upload files from their computer. On the other hand, if you set it to Off, file uploading is disabled altogether.

upload_max_filesize

If you have enabled the file upload feature on your website, and you’re facing difficulties in uploading files, this is the directive you should check first. It allows you to set the maximum size of a file that can be uploaded.

By default, it’s set to 2MB, and thus users can’t upload files larger than 2MB. You can fine tune this value as per your requirements—often you'll want to increase this limit to allow larger file uploads.

post_max_size

This setting allows you to set the maximum size of the POST data in your forms. When user submits a form with the POST method, the total POST data size should not exceed the value you’ve set to this directive.

This should be larger than the value you’ve set in upload_max_filesize directive, since file uploads are handled with POST requests.

Security Directives

In this section, we’ll see a few important directives that are related to security.

allow_url_fopen

The allow_url_fopen directive is disabled by default. But when it’s enabled, it allows remote file inclusion in PHP file functions. This means that your PHP files can include code from other servers. Be wary about enabling this—if your code is subject to an injection attack, remote file inclusion will make it much easier for a malicious user to hijack your server.

allow_url_include

The allow_url_include directive is similar to the allow_url_fopen directive, but it enables remote file inclusion in include functions. It allows you to include remote files in include, include_once, require and require_once functions.

If you want to enable this directive, you also need to make sure that you’ve enabled the allow_url_fopen directive as well.

Session Directives

Session management is one of the most important aspects when you’re working with PHP. In this section, we’ll go through a couple of important session directives.

session.name

The session.name directive allows you to set a name of the session cookie. By default, it is set to PHPSESSID, but you can change it to something else by using this directive.

session.auto_start

If you set the value of the session.auto_start directive to 1, the session module in PHP starts a session automatically on every request and thus you don’t have to use the session_start function in your scripts.

session.cookie_lifetime

The session.cookie_lifetime directive allows you to set lifetime of a session cookie. By default, it is set to 0 seconds, and it means that the session cookie is deleted when the browser is closed. This is a really useful setting which allows you to set up "remember me" kind of functionality, allowing your users to pick up where they left off on your site.

Miscellaneous Directives

In this last section, we’ll see a couple of other directives that are important in the context of PHP script execution.

memory_limit

The memory_limit directive allows you to limit the maximum amount of memory a script is allowed to use.

You want to fine tune this directive as per your requirements, and you should not set this too high to avoid memory outages on your server—poorly written or buggy scripts can eat up all the memory on your server if you let them!

max_execution_time

The max_execution_time directive sets the maximum amount of time a script is allowed to run before it is terminated. The default is 30 seconds, and you can increase it to some reasonable limit as per your requirements if it’s needed.

Similar to the memory_limit directive, you should not set this too high to avoid issues on your server.

max_input_time

The max_input_time directive allows you to set the maximum amount of time a script is allowed to parse incoming form data from a GET or POST.

If you have forms on your website that submit a large amount of data, you might like to increase the value of this directive.

Conclusion

It's impossible to cover each and every directive within a single article, but I’ve tried to cover the important ones. Feel free to post your queries if you want to know about any specific directives, and I’ll be happy to help!

As a PHP developer, it’s important that you understand the different directives in the php.ini file, and that should help you to fine tune your PHP configuration to your requirements.

The Best PHP Scripts on CodeCanyon

Explore thousands of the best and most useful PHP scripts ever created on CodeCanyon. With a low-cost one time payment, you can purchase these high-quality WordPress themes and improve your website experience for you and your visitors.

Here are a few of the best-selling and up-and-coming PHP scripts available on CodeCanyon for 2020.


No comments:

Post a Comment