Table H-4. Data Handling Configuration Options
Name | Default | Changeable |
---|---|---|
track_vars | "On" | PHP_INI_?? |
arg_separator.output | "&" | PHP_INI_ALL |
arg_separator.input | "&" | PHP_INI_SYSTEM|PHP_INI_PERDIR |
variables_order | "EGPCS" | PHP_INI_ALL |
register_globals | "Off" | PHP_INI_PERDIR|PHP_INI_SYSTEM |
register_argc_argv | "On" | PHP_INI_PERDIR|PHP_INI_SYSTEM |
register_long_arrays | "On" | PHP_INI_PERDIR|PHP_INI_SYSTEM |
post_max_size | "8M" | PHP_INI_SYSTEM|PHP_INI_PERDIR |
gpc_order | "GPC" | PHP_INI_ALL |
auto_prepend_file | "" | PHP_INI_SYSTEM|PHP_INI_PERDIR |
auto_append_file | "" | PHP_INI_SYSTEM|PHP_INI_PERDIR |
default_mimetype | "text/html" | PHP_INI_ALL |
default_charset | "iso-8859-1" | PHP_INI_ALL |
always_populate_raw_post_data | "0" | PHP_INI_SYSTEM|PHP_INI_PERDIR |
allow_webdav_methods | "0" | PHP_INI_SYSTEM|PHP_INI_PERDIR |
Here's a short explanation of the configuration directives.
If enabled, then Environment, GET, POST, Cookie, and Server variables can be found in the global associative arrays $_ENV, $_GET, $_POST, $_COOKIE, and $_SERVER.
Note that as of PHP 4.0.3, track_vars is always turned on.
The separator used in PHP generated URLs to separate arguments.
List of separator(s) used by PHP to parse input URLs into variables.
Note: Every character in this directive is considered as separator!
Set the order of the EGPCS (Environment, GET, POST, Cookie, Server) variable parsing. The default setting of this directive is "EGPCS". Setting this to "GP", for example, will cause PHP to completely ignore environment variables, cookies and server variables, and to overwrite any GET method variables with POST-method variables of the same name.
See also register_globals.
Tells whether or not to register the EGPCS (Environment, GET, POST, Cookie, Server) variables as global variables. For example; if register_globals = on, the URL http://www.example.com/test.php?id=3 will produce $id. Or, $DOCUMENT_ROOT from $_SERVER['DOCUMENT_ROOT']. You may want to turn this off if you don't want to clutter your scripts' global scope with user data. As of PHP 4.2.0, this directive defaults to off. It's preferred to go through PHP Predefined Variables instead, such as the superglobals: $_ENV, $_GET, $_POST, $_COOKIE, and $_SERVER. Please read the security chapter on Using register_globals for related information.
Please note that register_globals cannot be set at runtime (ini_set()). Although, you can use .htaccess if your host allows it as described above. An example .htaccess entry: php_flag register_globals on.
Note: register_globals is affected by the variables_order directive.
Tells PHP whether to declare the argv & argc variables (that would contain the GET information).
See also command line. Also, this directive became available in PHP 4.0.0 and was always "on" before that.
Tells PHP whether or not to register the deprecated long $HTTP_*_VARS type predefined variables. When On (default), long predefined PHP variables like $HTTP_GET_VARS will be defined. If you're not using them, it's recommended to turn them off, for performance reasons. Instead, use the superglobal arrays, like $_GET.
This directive became available in PHP 5.0.0.
Sets max size of post data allowed. This setting also affects file upload. To upload large files, this value must be larger than upload_max_filesize.
If memory limit is enabled by your configure script, memory_limit also affects file uploading. Generally speaking, memory_limit should be larger than post_max_size.
When an integer is used, the value is measured in bytes. You may also use shorthand notation as described in this FAQ.
Set the order of GET/POST/COOKIE variable parsing. The default setting of this directive is "GPC". Setting this to "GP", for example, will cause PHP to completely ignore cookies and to overwrite any GET method variables with POST-method variables of the same name.
Note: This option is not available in PHP 4. Use variables_order instead.
Specifies the name of a file that is automatically parsed before the main file. The file is included as if it was called with the include() function, so include_path is used.
The special value none disables auto-prepending.
Specifies the name of a file that is automatically parsed after the main file. The file is included as if it was called with the include() function, so include_path is used.
The special value none disables auto-appending.
Note: If the script is terminated with exit(), auto-append will not occur.
As of 4.0b4, PHP always outputs a character encoding by default in the Content-type: header. To disable sending of the charset, simply set it to be empty.
Always populate the $HTTP_RAW_POST_DATA variable.
Allow handling of WebDAV http requests within PHP scripts (eg. PROPFIND, PROPPATCH, MOVE, COPY, etc.). This directive does not exist as of PHP 4.3.2. If you want to get the post data of those requests, you have to set always_populate_raw_post_data as well.
See also: magic_quotes_gpc, magic_quotes_runtime, and magic_quotes_sybase.