Настройка во время выполнения
Поведение этих функций зависит от установок в php.ini.
| Name | Default | Changeable | Changelog |
|---|---|---|---|
| assert.active | "1" | PHP_INI_ALL | |
| assert.bail | "0" | PHP_INI_ALL | |
| assert.warning | "1" | PHP_INI_ALL | |
| assert.callback | NULL | PHP_INI_ALL | |
| assert.quiet_eval | "0" | PHP_INI_ALL | |
| enable_dl | "1" | PHP_INI_SYSTEM | Removed in PHP 6.0.0. |
| max_execution_time | "30" | PHP_INI_ALL | |
| max_input_time | "-1" | PHP_INI_PERDIR | Available since PHP 4.3.0. |
| max_input_nesting_level | "64" | PHP_INI_PERDIR | Available since PHP 4.4.8. Removed in PHP 5.0.0. |
| magic_quotes_gpc | "1" | PHP_INI_PERDIR | PHP_INI_ALL in PHP <= 4.2.3. Removed in PHP 6.0.0. |
| magic_quotes_runtime | "0" | PHP_INI_ALL | Removed in PHP 6.0.0. |
Краткое разъяснение конфигурационных директив.
- assert.active boolean
-
Enable assert() evaluation.
- assert.bail boolean
-
Terminate script execution on failed assertions.
- assert.warning boolean
-
Issue a PHP warning for each failed assertion.
- assert.callback string
-
user function to call on failed assertions
- assert.quiet_eval boolean
-
Use the current setting of error_reporting() during assertion expression evaluation. If enabled, no errors are shown (implicit error_reporting(0)) while evaluation. If disabled, errors are shown according to the settings of error_reporting()
- enable_dl boolean
-
This directive is really only useful in the Apache module version of PHP. You can turn dynamic loading of PHP extensions with dl() on and off per virtual server or per directory.
The main reason for turning dynamic loading off is security. With dynamic loading, it's possible to ignore all open_basedir restrictions. The default is to allow dynamic loading, except when using безопасный режим. In безопасный режим, it's always impossible to use dl().
- max_execution_time integer
-
This sets the maximum time in seconds a script is allowed to run before it is terminated by the parser. This helps prevent poorly written scripts from tying up the server. The default setting is 30.
The maximum execution time is not affected by system calls, stream operations etc. Please see the set_time_limit() function for more details.
You can not change this setting with ini_set() when running in безопасный режим. The only workaround is to turn off safe mode or by changing the time limit in the php.ini.
Your web server can have other timeouts. E.g. Apache has Timeout directive, IIS has CGI timeout function, both default to 300 seconds. See the web server documentation for meaning of it.
- max_input_time integer
-
This sets the maximum time in seconds a script is allowed to parse input data, like POST, GET and file uploads.
- max_input_nesting_level integer
-
Sets the max nesting dept of input variables (i.e. $_GET, $_POST..)
- magic_quotes_gpc boolean
-
Внимание
This feature has been DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.
Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically.
Замечание: In PHP 4, also $_ENV variables are escaped.
Замечание: If the magic_quotes_sybase directive is also ON it will completely override magic_quotes_gpc. Having both directives enabled means only single quotes are escaped as ''. Double quotes, backslashes and NUL's will remain untouched and unescaped.
See also get_magic_quotes_gpc()
- magic_quotes_runtime boolean
-
Внимание
This feature has been DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.
If magic_quotes_runtime is enabled, most functions that return data from any sort of external source including databases and text files will have quotes escaped with a backslash. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash.
Коментарии
Caution: Although magic_quotes_gpc is flagged as dreprecated the default value is still "ON". So you will explicitly have to put
magic_quotes_gpc = Off
into your php.ini. Commeting out the magic_quotes_gpc-line will not turn magic_quotes_gpc off.
I think it is important to mention that some distributions apply bugfixes for older versions so "Available since PHP 5.3.9" is not reliable, for example:debian squeeze implemented the directive max_input_vars in PHP 5.3.3-7+squeeze7 (see http://ftp-master.metadata.debian.org/changelogs/main/p/php5/php5_5.3.3-7+squeeze17_changelog )
The max_input_vars limit can be overcome by reading the input in raw, i.e.:<?php
$sRawInputData= fopen( 'php://input' );
?>
The max_input_vars setting is defined as "How many input variables may be accepted" but this is not completely correct. There is a +1 factor.
For example, if the value is 2 then the $_POST array can have up to 3 elements, if it is 1000 then it can have 1001 elements, and so on.
I want to stop the execution of the php code when there is a chance that some data was not received. Therefore, instead of relying on the standard E_WARNING, I do this in my code.
<?php
$max_input_vars = ini_get('max_input_vars');
if (count($_POST) === $max_input_vars + 1) { // note the +1 here
throw new Exception();
}
?>
If the size of the $_POST array reaches the maximum then there is the chance that there was more data so it is better to stay on the safe side and increase the config value.