PHP.ini Configuration
The php.ini file is the initialization file for PHP and is responsible for configuring many aspects of PHP’s behavior. PHP searches for and loads this configuration file from various locations.
Search Order for php.ini
PHP attempts to find and load the php.ini configuration file from the following locations:
- SAPI module specific location
- The PHPRC environment variable (as of PHP 5.2.0)
- Predefined registry keys on Windows (as of PHP 5.2.0)
- Current working directory (except for CLI)
- The web server’s directory (for SAPI modules), or the directory of PHP (otherwise in Windows)
- The directory from the
--with-config-file-pathcompile-time option, or the Windows directory (C:\windows or C:\winnt)
For more information, see the PHP documentation: PHP Configuration File.
Syntax of php.ini
The syntax in the php.ini file is simple:
- Whitespace and lines beginning with a semicolon (
;) are ignored. - Section headers (e.g.,
[Foo]) are also ignored, even though they may be used in future versions of PHP. - Directives following the section heading
[PATH=/www/mysite]apply only to PHP files in the/www/mysitedirectory. - Similarly, directives following the section heading
[HOST=www.example.com]apply only to PHP files served fromwww.example.com.
Currently, [PATH=] and [HOST=] sections only work under CGI/FastCGI environments. For more details, visit: INI Sections.
Directive Syntax
Directives in php.ini are specified using the following syntax:
directive = value
- Directive names are case-sensitive (e.g.,
foo=baris different fromFOO=bar). - The value can be:
- A string, a number, a PHP constant (e.g.,
E_ALLorM_PI), - One of the INI constants (On, Off, True, False, Yes, No, None),
- An expression (e.g.,
E_ALL & ~E_NOTICE), or - A quoted string (e.g.,
"bar"), or - A reference to a previously set variable or directive (e.g.,
${foo}).
- A string, a number, a PHP constant (e.g.,
Boolean Flags
- On and Off values are used to set boolean flags.
- Flags can be turned on using the values
1,On,True, orYes. - Flags can be turned off using the values
0,Off,False, orNo. - An empty string can be denoted by:
- Not writing anything after the equal sign (e.g.,
foo =), - Using the
Nonekeyword (e.g.,foo = None), or - Using the string
'None'(e.g.,foo = "None").
- Not writing anything after the equal sign (e.g.,
About php.ini Files
PHP comes packaged with two php.ini files:
- php.ini-production: Contains settings optimized for security, performance, and best practices for production environments. However, these settings may break compatibility with older or less secure applications. It’s recommended to use
php.ini-productionin production and testing environments. - php.ini-development: Similar to
php.ini-production, but with more verbose error reporting. This version should be used only in development environments to avoid leaking sensitive information to users.
Quick Reference for Production vs Development
Below are key differences between php.ini-production and php.ini-development regarding PHP’s default behavior. These settings are designed to help optimize PHP for either production or development environments.
| Setting | Default Value | Development Value | Production Value |
|---|---|---|---|
| display_errors | On | On | Off |
| display_startup_errors | Off | On | Off |
| error_reporting | E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED | E_ALL | E_ALL & ~E_DEPRECATED & ~E_STRICT |
| html_errors | On | On | On |
| log_errors | Off | On | On |
| max_input_time | -1 (Unlimited) | 60 | 60 |
| output_buffering | Off | 4096 | 4096 |
| register_argc_argv | On | Off | Off |
| request_order | None | ”GP" | "GP” |
| session.gc_divisor | 100 | 1000 | 1000 |
| session.hash_bits_per_character | 4 | 5 | 5 |
| short_open_tag | On | Off | Off |
| track_errors | Off | On | Off |
| url_rewriter.tags | ”a=href, area=href, frame=src, form=" | "a=href, area=href, frame=src, input=src, form=fakeentry" | "a=href, area=href, frame=src, input=src, form=fakeentry” |
| variables_order | ”EGPCS" | "GPCS" | "GPCS” |
php.ini Options
- user_ini.filename: Name for user-defined php.ini files. Default is
.user.ini. - user_ini.cache_ttl: Time-to-live for user-defined php.ini files, in seconds. Default is 300 seconds (5 minutes).
Language Options
- engine: Enables the PHP scripting language engine under Apache.
- short_open_tag: Determines if PHP will recognize
<?and?>as PHP tags. Recommended to use<?phpand?>. - precision: Number of significant digits displayed in floating point numbers.
- output_buffering: Controls how much output data PHP should keep before sending it to the client.
- implicit_flush: Enables implicit flushing after every output block.
Additional Security Features
- disable_functions: Disables certain PHP functions for security reasons.
- disable_classes: Disables certain classes for security reasons.
- open_basedir: Limits file operations to a defined directory and below.
- zend.enable_gc: Enables or disables the circular reference collector.
For more detailed settings and configurations, refer to the PHP Documentation.