Installing and configuring PHP. Tools for working with .ini files of web applications

Twitter

If you ask a web programmer which of all the PHP distribution files is the most important, many may answer that the interpreter itself, libraries, extensions, etc. No, the most important file- this is php.ini: a small text file that contains all PHP settings (directives), extension module configurations and environment variables. Through the configuration file, you can configure PHP for maximum performance, disable potentially dangerous functions and modules, and, of course, if the configuration is unsuccessful, disrupt the operation of the entire system (no, not the entire server, at most the web server and PHP).

But the value of system variables can be set not only through php.ini, but also by other methods, albeit with limitations. To understand this, we should briefly consider the mechanism for processing configuration files by the PHP environment.

Firstly, in the very simple case When PHP is running as a CGI application, the file is reread every time the interpreter is started. If it is connected as a SAPI module to the Apache server, then the path to the file is determined by the PHPIniDir directive of the server configuration.

If after this configuration file was not found, its search continues in the following places: for the Win32 server, the registry key HKEY_LOCAL_MACHINE\SOFTWARE\PHP\IniFilePath is checked, then the file is searched in the current directory from where the interpreter is running (php-cli.exe), in the root directory of the web server (for SAPI module) or in the PHP root directory. Then the search continues in the system directories (C:\WINDOWS, C:\WINXP, C:\SYSTEM32) and in the directory specified at the PHP build stage with the "--with-config-file-path" option.

In addition, the options themselves can be specified in different files, for example, in Apache server configuration files (httpd.conf), in .htaccess files (for individual site directories), in separate files php.ini, placed in directories with scripts, and even in the PHP scripts themselves by calling the ini_set() function. Depending on where and how the variable is set, it will have different effect– for the current script, for a separate site or directory, for the entire server until reboot.

Why such diversity? Very simple. For example, in a typical situation, when your site is located on shared hosting, you are unable to reconfigure the PHP configuration for yourself, while at the same time, for the scripts to work normally, you need to set some variables that differ from the hoster’s settings. Then you simply install the php.ini file in the directories of your site, in which you specify all the settings you need. If you need to change just one or two variables, this can be done by calling the ini_set() function at the beginning of the script. But pay attention to one thing. Since ini_set() is a PHP function and, accordingly, is executed after the interpreter has been initialized, some settings will be ignored, since they affect the work only at the initial stage of PHP startup. Don’t worry, such parameters, as well as erroneous (syntactically) incorrect ones, will simply be ignored and will not lead to any consequences in the work.

Let's give practical example. There is a directive error_reporting, which indicates the level of detail in the output of error messages during the interpretation of the PHP script. It can be configured to display both all messages and just warnings that do not affect the operation of the program. You can reconfigure it for yourself, for example, allowing only execution-critical errors to be shown. In this case, the variable should contain the value "E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR" - that is, display compiler errors, critical environment and kernel errors. You can set a variable by calling the ini_set() function, which takes two string parameters: the first line describes the name of the option, and the second line describes the new value. In our case it is: ini_set("error_reporting", "E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR");. That's all, as a result, PHP will use the new value of the error_reporting variable every time you run your script, while for all other users the default value described in php.ini will remain.

Before replacing an environment variable, it is advisable to check its current value - this is done using a function call ini_get(), which takes one parameter, a string with the name of the variable, and returns a string with its current value. In our example the code echo ini_get("error_reporting"); will return E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR, that is, just set value, at the same time, if we call ini_get() before setting a new value, we will get something like E_ALL & ~E_NOTICE (this may differ on different hosting sites) - display messages about all errors, excluding warnings.

But, before setting variables, it is advisable to navigate the file structure php.ini and in available parameters. There is little information on this topic other than the comments in php.ini itself, so we will try to describe in detail the most important variables that you will have to deal with.

The general structure of the php.ini file is very simple. The entire file is divided into sections, each section groups variables related to a particular module or the entire PHP environment as a whole. In each section, variables (directives) are specified in the form variable_name=value, Where meaning can be either an arbitrary string (if it contains spaces, it is enclosed in double quotes) or a value On/Off(then such a variable is also called a flag). Variables are specified one per line, and all lines that begin with " ; " are treated as comments and are not processed. Remember that directive names are case sensitive and are mostly written in lowercase letters.

The section title is square brackets. For example, the first section is general settings environment – . The section of the ODBC module for communication with databases has the name, MySQL access settings are made in the section, and new interface MySQLI is configured in , session parameters are specified in the section. Each section, excluding the system-wide one, corresponds to some extension, if, of course, it needs to be configured.

For now, let's start with the directives described in section. We'll be looking at a PHP version 5.0.x configuration, so if you have more than early version, some directives may be missing.

engine =— a flag that allows PHP to work on the Apache server. By default it is always set to On.

zend.ze1_compatibility_mode =— the directive appeared in PHP 5.0 and allows you to switch to compatibility mode with scripts written for previous versions. If you are customizing PHP for yourself and you do not need to maintain compatibility, set the flag to Off, but if PHP is customizing for shared server, then it is logical to allow users to run all scripts written taking into account the Zend I core (PHP 4.x).

short_open_tag =— PHP can recognize several different tags for the beginning and end of a program block. This flag allows the use of a short notation like.

precision =- indicates how much significant figures must take into account RHP when operating with fractional numbers. The default is 12 characters, which is quite enough.

output_buffering =— enables output buffering for all pages or sets the buffer size in bytes (if the value is an integer, for example 4096, sets the buffer size to 4 KB). Used to temporarily buffer HTTP headers and cookies before sending other content to the client.

output_handler =- Allows you to specify a function to redirect all page output. At the same time, if the function is specified, the output_buffering directive is enabled. Can be used for generated content transcoding, compression, caching or other post-processing. If the directive is not used, give it an empty value (an empty string or the value none).

safe_mode =— switches PHP to a special protected operating mode, which has increased security, but also imposes restrictions on programming. It can be very useful when creating systems with increased security. This directive is associated with several others with names starting with safe_mode_, which set specific restrictions and additional checks. By default, the directive is set to Off.

disable_functions =— specifies a list of functions the use of which is prohibited in user scripts. Can be used for additional security security by blocking potentially dangerous functions (for example, system calls). To specify functions, list them in double quotes separated by commas. For example, “exec,php_info,file,ini_set” prohibits calls to the exec(), php_info(), file(), ini_set() functions. But this directive can only be installed before PHP initialization, that is, in the php.ini or httpd.conf file.

max_execution_time =— indicates the time in seconds during which one script can be executed. If the limit is exceeded, script execution is forced to terminate with an error. This can be useful for forcing a stop of incorrectly written programs that will interfere normal operation server. At the same time, you should not install too little time, since when working with remote hosts, databases or files, the allotted time may expire before the script runs.

max_input_time = [-1/integer]— specifies the time in seconds during which the script can output data. It is advisable not to set it less than the max_execution_time directive. If the script intensively outputs data, for example, processes something in a loop and displays large fragments of text, then the directive should be assigned large values or not set at all - then the only limitation will be the total execution time of the script. The directive can only be installed via php.ini.

memory_limit =— sets the size random access memory, allocated for one script. The prefix M indicates that the size is in megabytes, and K - KB. For public server(For example, virtual hosting) you can set a lower value, but if you need to perform intensive calculations or plan to run serious commercial programs, the value can be increased (depending on the size of RAM on the server).

display_errors =— allows the user to display messages about runtime errors and PHP warnings. I would recommend always enabling this directive not only in debugging mode, but also in real work, and more precisely tuning the output detail using the error_reporting option.

error_reporting = [set of predefined constants]— indicates the desired detail of messages about errors and failures in the interpreter.

Constants can be combined using bitwise addition operators. The most important constants are: E_ALL (all errors and warnings), E_COMPILE_ERROR (fatal compiler errors), E_CORE_ERROR (fatal errors during PHP kernel initialization), E_ERROR (fatal runtime errors), E_PARSE (syntax errors), E_NOTICE and E_WARNING (runtime warnings). executions that are not critical for the operation of the script).

To debug the script, it is advisable to set the maximum message detail, for example error_reporting = E_ALL, in actual operation it is desirable to exclude warnings that do not affect operation, e.g. error_reporting = E_COMPILE_ERROR|E_CORE_ERROR|E_ERROR will show only fatal errors (another option: error_reporting = E_ALL & ~E_NOTICE & ~ E_WARNING).

Direct link: php-5.3.10-Win32-VC9-x86.zip
At the same time, immediately download the documentation in Russian in .chm format, you will need it when studying and working: php_enhanced_ru.chm

Unpack the archive into the desired directory (initially, “C:\php” is suggested). Open the configuration file containing the recommended settings - “php.ini-development” (located in the root of the distribution), rename it php.ini and make the following changes.

Editing php.ini:

Find the line:
post_max_size = 8M
Increase to 16 MB maximum size data received by the POST method, changing it to:
post_max_size = 16M
Find the line:
;include_path = ".;c:\php\includes"
Uncomment it by removing the semicolon before the line.
(Attention exception! Backslashes when specifying path):
include_path = ".;c:\php\includes"
Create an empty directory "C:\php\includes" to store the included classes.
Find the line:
extension_dir = "./"
Set the value of this directive to the path to the folder with extensions:
extension_dir = "C:/php/ext"
Find the line:
;upload_tmp_dir =
Uncomment it and specify the following path in the value:
upload_tmp_dir = "C:/php/upload"
Create an empty folder “C:\php\upload” to store temporary files uploaded via HTTP.
Find the line:
upload_max_filesize = 2M
Increase the maximum allowed file upload size to 16 MB:
upload_max_filesize = 16M
Connect, uncommenting, the extension library data:
extension=php_bz2.dll
extension=php_curl.dll
extension=php_gd2.dll
extension=php_mbstring.dll
extension=php_mysql.dll
extension=php_mysqli.dll
Find the line:
;date.timezone=
Uncomment and set the value to the time zone of your location (a list of time zones can be found in the documentation):
date.timezone = "Europe/Moscow"
Find the line:
;session.save_path = "/tmp"
Uncomment and set the value of this directive to the following path:
session.save_path = "C:/php/tmp"
Create an empty folder “C:\php\tmp” to store temporary session files.

Save your changes and close the php.ini file.

Next you need to add a directory with installed PHP interpreter in PATH operating system. To do this, follow the path “Start” -> “ Control Panel"(Control Panel) -> "System", open the "Advanced" tab, click the "Environment Variables" button, in the "System Variables" section (" System variables") do double click on the “Path” line, add in the “Variable Value” field, to what already exists there, the path to the directory with PHP installed, for example, “C:\php” (without quotes). Note that the semicolon character separates the paths. To changes made have taken effect, reboot the operating system.

Example Path string:
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\php;C:\Program Files\MySQL\MySQL Server 5.5\bin

Installation and PHP setup interpreter - completed.

Description of connected libraries:

php_bz2.dll- By using of this extension PHP will be able to create and unpack archives in bzip2 format.

php_curl.dll– A very important and necessary library that allows you to connect and work with servers using huge amount Internet protocols.

php_gd2.dll– Another indispensable library that allows you to work with graphics. You thought PHP was only possible HTML pages generate? But no! With PHP you can do almost anything, including drawing.

php_mbstring.dll– The library contains functions for working with multi-byte encodings, which include the encodings of eastern languages (Japanese, Chinese, Korean), Unicode (UTF-8) and others.

php_mysql.dll– The name of the library speaks for itself - it is necessary to work with the MySQL server.

php_mysqli.dll – This library is an extension of the previous one and contains additional functions PHP for working with the server MySQL versions 4.1.3 and higher.

These libraries should be enough for PHP to work properly. Over time, if the need arises, you will be able to connect additional libraries, but you shouldn’t connect them all at once with the thought that you won’t spoil the porridge with butter; in this case An excessive number of included libraries can significantly slow down PHP.

Original article: http://php-myadmin.ru/learning/instrument-php.html

php has many settings described in the php.ini file. This file must be available in system search paths in order for php to use these settings. Usually this is sufficient to store this file in the same directory as php itself, but if php is configured to run as a web server module, then this file must be copied to a directory that is explicitly accessible in the system search paths. See the php installation section for more detailed instructions.

Here we look at the main PHP parameters, divided into categories. The list of parameters basically corresponds php versions 4.0.6, however, only the main parameters are considered here. A complete list of parameters with comments for each of them can be seen directly in php.ini, as well as in the corresponding php section manual.

The values of parameters with “yes/no” options can be as follows:

YES - 1, on, true or yes
NO - 0, off, false or no

Short_open_tag

Enabling support for a shortened version of php tags. If this option is disabled, then php code will be recognized only inside tags. If enabled, then the use of tags is allowed. In a good manner it is considered not to use an abbreviation php entries tags

Enabling support for asp tags<% %>as php tags.

Output_buffering

Enable buffered php output. Using buffered output will allow you, for example, to use any functions that operate on http headers (header(), setcookie()) anywhere in your script, without worrying about not outputting anything before. You can control the buffered output output and from your scripts (see the section output control functions in the php manual). Be aware that if output buffering is enabled, the result of the script will be returned to the browser only after the script has finished running, which can lead to more slow work site.

Enabling Safe Mode php works. Safe mode prevents scripts from performing any actions that are unsafe for the server running php. Very detailed safe mode php work is covered in the php manual.

Max_execution_time

Maximum operating time php script(in seconds). After this time, the script will be forcibly terminated and the corresponding error will be displayed. Allows you to avoid problems with "looping" scripts.

The maximum amount of memory that can be allocated for the script's needs. It also avoids problems with "looping" scripts.

Error_reporting

Mask for error messages that should be generated by php. Specified in the form logical expression using a set of predefined constants that describe Various types errors. A list of these constants, as well as rules for specifying expressions, can be found in php.ini.

Display_errors

Determines whether error messages should be displayed on the screen. Usually this option is enabled when writing PHP scripts, in order to be able to see error messages, and real servers on the Internet it is usually disabled for security reasons.

If this option is enabled, then all errors will be recorded in log file, defined by the following option.

The path and name of the file where all error messages generated by php will be written. For systems that support a system error log, you can set this parameter to syslog in order to redirect all error messages there.

If this option is enabled, then the text last mistake will always be available from the $php_errormsg variable.

Register_globals

This parameter determines whether the so-called. egpcs variables (environment, get, post, cookies, session) are available as global php variables. If this parameter is enabled, then variables will be accessed in the same way as any other global php variables:

echo "Version http protocol: " . $server_protocol ;
echo "Query string parameter: ". $param1 ;
echo "Form element: " . $txtfirstname ;
echo "My cookies: " . $mycookie ;
echo . $mysessionvar ;

Or the same thing, but with the parameter disabled:

echo "http version protocol: ". $http_env_vars["server_protocol"];
echo "Query string parameter: ". $http_get_vars ["param1" ];
echo "Form element: " . $http_post_vars["txtfirstname"];
echo "My cookies: " . $http_cookie_vars["mycookie"];
echo "My session variables: ". $http_session_vars["mysessionvar"];

At first glance, this is less convenient, but disabling this option also has its advantages:

Php starts working a little faster because... not wasted Extra time to create many variables.
There is no risk that any two variables will have the same names, which will lead to errors in the script that will be very difficult to catch due to their non-obviousness.
variables_order

This parameter is used in conjunction with the previous parameter and determines the sequence in which global egpcs variables are registered. For example, with the default value (egpcs), variables passed via get will be replaced by variables passed via post that have the same name. post variables (as well as environment and get variables) can in turn be overridden cookie values with the same names, etc.

Magic_quotes_gpc

Enabling this parameter will cause all data coming from the client (via get, post or cookie) to be processed: all quotes (" and ") in them will be replaced with the combination " or ", respectively. On the one hand, this is very convenient if you plan, for example, to insert this data into strings transmitted, for example, to an sql server. But on the other hand, this can lead to confusion, so it is usually safer to use the addslashes() and stripslashes() functions for this purpose.

Magic_quotes_runtime

This parameter is similar to the previous one, except that it affects data coming from external sources located on the server side (for example, data coming from a sql server or the results of external programs).

Magic_quotes_sybase

Enabling this option will cause single quotes (") to be doubled (""). This is necessary for some sql servers, which only support this method of inserting quotes into strings (interbase, ms sql, sybase and some others).

Auto_prepend_file

Allows you to specify the path and name of a file that will be automatically added to the beginning of each PHP script. Only used if it has a non-empty value.

Auto_append_file

The same as the previous parameter, but the contents of the file are added to the end of each PHP script.

Path to the directory where the php modules are located. This is usually the extensions subdirectory in root directory php.

Last update: 12/16/2017

Eat different ways installation of everything necessary software. We can install components separately, or we can use ready-made assemblies like Denwer or EasyPHP. In such assemblies, the components already have initial setup and are already ready to create websites. However, sooner or later developers still have to resort to installation and configuration individual components, connecting other modules. Therefore, we will install all components separately. Windows will be used as the operating system.

What does installing PHP involve? Firstly, we need PHP interpreter. Secondly, we need a web server, for example, Apache, with which we can access the resources of the site we are creating. Third, since we will be using databases, we will also need to install some kind of database management system. MySQL was chosen as the most popular in conjunction with PHP.

To install PHP, let's go to the developers' website http://php.net/. On the downloads page we can find various distributions for the operating system Linux systems. If our operating system is Windows, then we need to download one of the packages from the page http://windows.php.net/download/.

Download the zip package of the latest PHP release:

Usually, latest issue PHP has two versions: Non Thread Safe and Thread Safe. We need to select the Thread Safe version. This version has options for 32-bit and 64-bit systems.

Let's unpack the downloaded archive into a folder called php. Let this folder be located at the root of drive C.

Now we need to do some minimal PHP configuration. To do this, go to the c:\php directory and find the file there php.ini-development. This is the initial configuration file for the interpreter. Let's rename this file to php.ini and then open it in a text editor.

Let's find the line in the file:

; extension_dir = "ext"

This line points to the directory with plug-in extensions for PHP. Let's uncomment it (removing the semicolon):

Extension_dir = "ext"

Since all extensions are in the ext directory.

Since we will be using bases MySQL data, then we need to specify the extension in php.ini. By default, it is already in the file, only it is commented out:

;extension=mysqli

Let's uncomment it by removing the semicolon:

Extension=mysqli

Now by default this library will be used when working with the database. We can also uncomment other extensions if necessary. But for starters, one is enough for us.

We will leave the rest of the file contents unchanged.

Now let's install the web server.

The php.ini configuration file is the main configuration tool for the PHP core. It is counted every time PHP is initialized. If the change is not visible, be sure to stop and restart httpd. If the changes you made are still in effect, use the phpinfo() function to check where php ini is located.

The configuration file is well commented and detailed. Parameters are case sensitive, values keywords- No; spaces and lines starting with a semicolon are ignored. Boolean values can be represented as 1/0, Yes/No, On/Off or True/False. Default values in php.ini will affect PHP installation, which can be configured later.

In this article we will look at important settings in the php.ini file, which may be required for the PHP parser.

short_open_tag = Off

Short open tags look like this:. This setting must be set to Off if you want to use the XML processing features.

safe_mode = Off

If this setting is ON, you probably compiled PHP with the enable-safe-mode flag. Safe Mode is most important for using CGI.

safe_mode_exec_dir =

This option only matters if Safe Mode is enabled. It can also be installed with the --with-exec-dir flag during the Unix build process. PHP executes external functions in safe mode binary files only from this catalogue. The default directory is /usr/local/bin . This has nothing to do with serving a regular PHP/HTML web page.

safe_mode_allowed_env_vars =

This php ini option specifies which environment variables users can change in safe mode. By default, only those variables that have "PHP_" appended to them. If this directive is empty, then most variables can be changed.

safe_mode_protected_env_vars =

The parameter sets which environment variables users cannot change in safe mode, even if the safe_mode_allowed_env_vars option is enabled.

disable_functions =

Enough useful addition in the PHP4 configuration, which has been preserved in the PHP5 version, is the ability to disable selected functions for security reasons. Previously, this required manual editing of the C code in which the PHP interpreter was written. Functions file system, operating system and network should be first on this list because the ability to write files and change the system via HTTP is not secure.

max_execution_time = 30

When setting up php ini, you need to be aware that the set_time_limit() function will not work in safe mode. Therefore, this is the main way to implement delaying script execution in safe mode. On Windows you have to do force termination, based on maximum memory consumption rather than time. You can also use the Apache timeout setting to implement a delay. But it will also apply to non-PHP site files.

error_reporting = E_ALL & ~E_NOTICE

The default is E_ALL & ~E_NOTICE , all errors except notifications. Servers should be set to at least the default value. And only on main servers a lower value can be used.

error_prepend_string = [""]

Together with » is used with strings, as in forming the value of a form field.

variables_order = EGPCS

Replaces gpc_order . Both versions have been deprecated along with register_globals. It sets the order of various variables: Environment, GET, POST, COOKIE and SERVER (or Built-in). You can change this order. Variables will be overwritten sequentially from left to right, with the rightmost one always “winning”. This means that if you leave the default value and use one name for the environment variable, POST variable and the COOKIE variable, then, in the end, the name will belong to the COOKIE variable.

register_globals = Off

This php ini set option allows you to determine whether EGPCS variables should be registered as global. This method has now been deprecated, and as of PHP 4.2 this flag is set to Off by default. Use superglobal arrays instead.

gpc_order = GPC

This option is deprecated.

magic_quotes_gpc = On

Escapes quotes in GET/POST/COOKIE input. If you use many forms that submit data to themselves or other forms, and display form values, you will need to enable this directive or use the addslashes() functions on string data types.

magic_quotes_runtime = Off

This option escapes quotes in incoming database strings and text lines. Remember that SQL adds slashes to single quotes and apostrophes when storing strings and does not remove them when returning strings. If this option is disabled, you must use the stripslashes() function when outputting any type of string data from a SQL database. If magic_quotes_sybase is set to On , then this setting should be Off .

magic_quotes_sybase = Off

Escapes single quotes in incoming database strings and text strings with Sybase-style single quotes rather than backslashes. If magic_quotes_runtime is set to On , this option should be disabled.

auto-prepend-file=

If this php parameter ini path is specified, PHP should automatically add an include() construct to the beginning of every PHP file. Restrictions on include file paths should be taken into account.

auto-append-file=

If this parameter specifies a path, PHP must automatically insert an include() construct at the end of every PHP file, except when exiting using the exit() function. Restrictions on include file paths should be taken into account.

include_path =

If you set this value, you will only be allowed to include or request files from the specified directories. The include directory is usually located under the root document. This is necessary if you are working in safe mode. Set the parameter to .in to include files from the directory where your script is located. Multiple directories are separated by colons: .:/usr/local/apache/htdocs:/usr/local/lib.

doc_root =

When setting up php ini, if you are using Apache, then in the httpd.conf file is the document root directory for that server or virtual host already set. Set this value here if you are using Safe Mode or only want to allow PHP for part of the site ( for example, in only one subdirectory).

file_uploads =

Activate this flag if you are uploading files using a PHP script.

upload_tmp_dir =

Don't remove comments from this line if you don't understand what !

session.save-handler = files

Except in rare cases, you do not need to change this setting.

ignore_user_abort =

Determines what happens if a site visitor clicks the “Stop” button in their browser. The default is On, which means the script will continue to run until it completes or times out. If you change the value this parameter to Off , the script will be aborted. This option only works in module mode, not in CGI mode.