Menu Close

PHP.INI Cheat Sheet

Here is a guide for php.ini and some of the things we have learnt in the years of managing websites for web developers.

A handy hint:  For basic website (such as wordpress) and a LAMP stack, you can temporarily rename php.ini in the public_html directory when you are encountering problems  to quickly see if the problem is being caused by a custom entry in this file. Sometimes php.ini files can hangover from installations years ago and the website will break when there is a php upgrade.  Often the default php.ini in for the server will be sufficient.  This has fixed many basic wordpress websites for me that didn’t need a custom php.ini at all.  Otherwise here is a handy guide for some custom settings.

Here is the original PHP documentation 

Here are some common settings (especially for CMS sites like wordpress).  Its not a good idea just to set these to maximum.   You need to find a happy balance so busy sites or sites getting attacked don’t make your server run out of memory for example.  Sometimes updating the CMS or plugins can fix problems and you won’t need to increase these.  Often improving cache settings can also take the load off the server.

max_execution_time = 30;      // (you could change to 60 Seconds)
upload_max_filesize   = 20M;             //  (default 8 – Max, 32)
post_max_size = 20M;                //  (Average, 20  – Max, 32)
register_globals = Off;                 //    (off by default – you can turn On)
allow_url_fopen = On;               //    (off by default  – you can turn to On)
memory_limit  = 24M;                //   (default of 8M, Max 32)

display_errors = Off;   //(turn on for development )

max_execution_time

This tells the maximum time a script can take to process. You have to set the setting in seconds. Usually value is 30 or 60. This can prevent badly written code hanging the web server.

After mentioned seconds, if PHP parser is still unable to produce the output, it would stop the execution and will throw an error saying the script reached maximum execution time.

However there may be cases that you are sure the code is correct and you just need bit more time (like in a data importing). In such cases, you may increase the value. But keep in mind that a certain script needs more than a minute to execute means it needs improvement (if it’s a data importing, think about doing it part by part etc).

short_open_tag

Best to set this to “Off” to make sure that you write portable code.  You dont really want application that have <? and ?> rather than <?php and ?>  as shortcodes are disabled for some  web server as a global setting.

memory_limit

This setting specifies the maximum runtime memory a script can consume. Value is set in megabytes and default value is usually ‘16M’. As max_execution_time, you may increase the limit but it implies necessary improvements in your PHP script.

register_globals

Usually default value of this setting is ‘Off’. Turning this ‘On’ allows to use form submitted data ($_GET and $_POST), cookies ($_COOKIE) and server variables ($_SERVER) to use in global scope.

For an example, if there is a form field called firstName and if the form uses postmethod to submit the form to the server then at the server you have to access that value as $_POST[‘firstName’] (that is using $_POST array). But if you turn this option ‘On’ then you can access the value by just $firstName.

Even though this looks cool, it can lead to security issues and conflicts with your custom variables. This setting is deprecated in PHP version 5.3.0 and is removed in version 6.0.0. That means you will have to access mentioned values via their respective built-in arrays.

safe_mode

When safe_mode is ‘On’, it prevents executing of certain built-in PHP functions where most of them have security concerns (like system() that executes operating system commands).

PHP manual mentions that it’s architecturally incorrect to take this decision at PHP level and this setting is deprecated in PHP version 5.3.0 and is removed in version 6.0.0. Thus its default value is ‘Off’.

display_errors

For development: display_errors = On
For production: display_errors = Off