configuring PHP-impact security

The primary mechanism for configuring PHP is the php.ini file.
As the master file, this provides you with control over all configuration settings.
Entries generally take the format:
setting = value

Be sure to read the comments provided in the file before making changes, though.
There are a few tricks, such as include_path using a colon (:) as a separator on
Unix, and a semicolon (;) on Windows.
Most Web hosts will not provide you access to your php.ini file unless you have
root access to the system (which is typically not the case if you’re using a cheap
virtual hosting service). Your next alternative is to use .htaccess files to configure
PHP, assuming the Web server is Apache.
An .htaccess file is a plain text file that you place in a public Web directory to
determine the behavior of Apache when it comes to serving pages from that directory; for instance, you might identify which pages you’ll allow public access to.
Note that the effect of an .htaccess file is recursive: it applies to subdirectories
as well.

To configure PHP with .htaccess files, your hosting provider must have the
Apache setting AllowOverride Options or AllowOverride All applied to your
Web directory in Apache’s main httpd.conf configuration file. Assuming that
is done, there are two Apache directives you can use to modify PHP’s configuration:

php_flag
    used for settings that have boolean values (i.e. on/off or 1/0), such as
    register_globals

php_value
    used to specify a string value for settings, such as you might have with the
    include_path setting

Here’s an example .htaccess file:

# Switch off register globals
php_flag register_globals off
# Set the include path (colon separator, as this is a Unix path)
php_value include_path ".:/home/username/pear"

The final mechanism controlling PHP’s configuration is the group of functions
ini_set and ini_alter, which let you modify configuration settings, as well as
ini_get, which allows you to check configuration settings, and ini_restore,
which resets PHP’s configuration to the default value as defined by php.ini and
any .htaccess files. Using ini_set, here’s an example which allows us to avoid
having to define our host, user name and password when connecting to MySQL:

// The mysql.* settings and mysql_connect() belong to the legacy mysql
// extension, which was removed in PHP 7.0.
ini_set('mysql.default_host', 'localhost');
ini_set('mysql.default_user', 'harryf');
ini_set('mysql.default_password', 'secret');
// Called with no arguments, mysql_connect() uses the defaults set above
if (!mysql_connect()) {
    echo mysql_error();
} else {
    echo 'Success';
}

Be aware that, for some settings such as error_reporting, PHP provides alternative functions that do effectively the same job as ini_set.
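
An added example, not from the original article: ini_set() returns false for settings whose access level does not allow runtime changes, so this sketch reads the access level from ini_get_all() first and reports which of the three mechanisms above each setting needs. The function name apply_runtime_settings is hypothetical, the sample values are constructed, and display_errors and allow_url_include are real directives chosen here for illustration.

```php
<?php
// Added example (not from the original article).
// For each wanted setting, report which configuration mechanism can change it.

function apply_runtime_settings(array $wanted)
{
    $known  = ini_get_all();  // name => global_value, local_value, access
    $report = array();

    foreach ($wanted as $name => $value) {
        if (!isset($known[$name])) {
            // e.g. register_globals, which was removed in PHP 5.4
            $report[$name] = 'unknown to this PHP build';
            continue;
        }
        $access = $known[$name]['access'];
        if (($access & INI_USER) === 0) {
            // ini_set() is refused for this setting
            $report[$name] = ($access & INI_PERDIR)
                ? 'set it in php.ini or .htaccess'
                : 'set it in php.ini; .htaccess cannot change it';
            continue;
        }
        $old = ini_set($name, $value);
        $report[$name] = ($old === false)
            ? 'ini_set() failed'
            : sprintf('ini_set() changed "%s" to "%s"', $old, ini_get($name));
    }
    return $report;
}

// Sample values constructed for illustration
$report = apply_runtime_settings(array(
    'register_globals'  => '0',
    'include_path'      => '.' . PATH_SEPARATOR . '/home/username/pear',
    'display_errors'    => '0',
    'allow_url_include' => '0',
));
foreach ($report as $name => $status) {
    echo $name, ': ', $status, PHP_EOL;
}

// Undo the runtime change: back to the php.ini / .htaccess value
ini_restore('include_path');
echo 'include_path restored to: ', ini_get('include_path'), PHP_EOL;
```

Settings reported as not changeable at runtime are the ones a script cannot weaken or fix on its own, so they are the ones to review in php.ini and .htaccess.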
