The behaviour of these functions is affected by settings in php.ini.
PHP Options/Inf Configuration OptionsNameDefaultChangeableChangelog
| assert.active | "1" | PHP_INI_ALL | |
| assert.bail | "0" | PHP_INI_ALL | |
| assert.warning | "1" | PHP_INI_ALL | |
| assert.callback | NULL | PHP_INI_ALL | |
| assert.quiet_eval | "0" | PHP_INI_ALL | |
| assert.exception | "0" | PHP_INI_ALL | Available since PHP 7.0.0. |
| enable_dl | "1" | PHP_INI_SYSTEM | This deprecated feature will certainly be removed in the future. |
| max_execution_time | "30" | PHP_INI_ALL | |
| max_input_time | "-1" | PHP_INI_PERDIR | Available since PHP 4.3.0. |
| max_input_nesting_level | "64" | PHP_INI_PERDIR | Available since PHP 5.2.3. |
| max_input_vars | 1000 | PHP_INI_PERDIR | Available since PHP 5.3.9. |
| magic_quotes_gpc | "1" | PHP_INI_PERDIR | PHP_INI_ALL in PHP <= 4.2.3. Removed in PHP 5.4.0. |
| magic_quotes_runtime | "0" | PHP_INI_ALL | Removed in PHP 5.4.0. |
| zend.enable_gc | "1" | PHP_INI_ALL | Available since PHP 5.3.0. |
For further details and definitions of the PHP_INI_* modes, see the Where a configuration setting may be set.
Here's a short explanation of the configuration directives.
assert.active boolean
Enable assert() evaluation.
assert.bail boolean
Terminate script execution on failed assertions.
assert.warning boolean
Issue a PHP warning for each failed assertion.
assert.callback string
User function to call on failed assertions.
assert.quiet_eval boolean
Use the current setting of error_reporting() during assertion expression evaluation. If enabled, no errors are shown (implicit error_reporting(0)) while evaluation. If disabled, errors are shown according to the settings of error_reporting()
assert.exception boolean
Issue an AssertionError exception for the failed assertion.
enable_dl boolean
This directive is really only useful in the Apache module version of PHP. You can turn dynamic loading of PHP extensions with dl() on and off per virtual server or per directory.
The main reason for turning dynamic loading off is security. With dynamic loading, it's possible to ignore all open_basedir restrictions. The default is to allow dynamic loading, except when using safe mode. In safe mode, it's always impossible to use dl().
max_execution_time integer
This sets the maximum time in seconds a script is allowed to run before it is terminated by the parser. This helps prevent poorly written scripts from tying up the server. The default setting is 30. When running PHP from the command line the default setting is 0.
The maximum execution time is not affected by system calls, stream operations etc. Please see the set_time_limit() function for more details.
You can not change this setting with ini_set() when running in safe mode. The only workaround is to turn off safe mode or by changing the time limit in the php.ini.
Your web server can have other timeout configurations that may also interrupt PHP execution. Apache has a Timeout directive and IIS has a CGI timeout function. Both default to 300 seconds. See your web server documentation for specific details.
max_input_time integer
This sets the maximum time in seconds a script is allowed to parse input data, like POST and GET. Timing begins at the moment PHP is invoked at the server and ends when execution begins. The default setting is -1, which means that max_execution_time is used instead. Set to 0 to allow unlimited time.
max_input_nesting_level integer
Sets the max nesting depth of input variables (i.e. $_GET, $_POST.)
max_input_vars integer
How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately). Use of this directive mitigates the possibility of denial of service attacks which use hash collisions. If there are more input variables than specified by this directive, an E_WARNING is issued, and further input variables are truncated from the request.
magic_quotes_gpc boolean
Warning
This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically.
Note:
If the magic_quotes_sybase directive is also ON it will completely override magic_quotes_gpc. Having both directives enabled means only single quotes are escaped as ''. Double quotes, backslashes and NUL's will remain untouched and unescaped.
See also get_magic_quotes_gpc()
magic_quotes_runtime boolean
Warning
This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
If magic_quotes_runtime is enabled, most functions that return data from any sort of external source including databases and text files will have quotes escaped with a backslash. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash.
Functions affected by magic_quotes_runtime (does not include functions from PECL):
- get_meta_tags()
- file_get_contents()
- file()
- fgets()
- fwrite()
- fread()
- fputcsv()
- stream_socket_recvfrom()
- exec()
- system()
- passthru()
- stream_get_contents()
- bzread()
- gzfile()
- gzgets()
- gzwrite()
- gzread()
- exif_read_data()
- dba_insert()
- dba_replace()
- dba_fetch()
- ibase_fetch_row()
- ibase_fetch_assoc()
- ibase_fetch_object()
- mssql_fetch_row()
- mssql_fetch_object()
- mssql_fetch_array()
- mssql_fetch_assoc()
- mysqli_fetch_row()
- mysqli_fetch_array()
- mysqli_fetch_assoc()
- mysqli_fetch_object()
- pg_fetch_row()
- pg_fetch_assoc()
- pg_fetch_array()
- pg_fetch_object()
- pg_fetch_all()
- pg_select()
- sybase_fetch_object()
- sybase_fetch_array()
- sybase_fetch_assoc()
- SplFileObject::fgets()
- SplFileObject::fgetcsv()
- SplFileObject::fwrite()
zend.enable_gc boolean
Enables or disables the circular reference collector.
User Contributed Notes 3 notes
26
5 years ago
I think it is important to mention that some distributions apply bugfixes for older versions so "Available since PHP 5.3.9" is not reliable, for example:
debian squeeze implemented the directive max_input_vars in PHP 5.3.3-7+squeeze7 (see http://ftp-master.metadata.debian.org/changelogs/main/p/php5/php5_5.3.3-7+squeeze17_changelog )
-2
7 years ago
Caution: Although magic_quotes_gpc is flagged as dreprecated the default value is still "ON". So you will explicitly have to put
magic_quotes_gpc = Off
into your php.ini. Commeting out the magic_quotes_gpc-line will not turn magic_quotes_gpc off.
-71
5 years ago
The max_input_vars limit can be overcome by reading the input in raw, i.e.:
<?php
$sRawInputData= fopen( 'php://input' );
?>
'WEB' 카테고리의 다른 글
| Random number in range [min - max] using PHP (0) | 2019.07.16 |
|---|---|
| How do I make a full-width iframe with fixed aspect ratio? in Youtube (0) | 2019.05.26 |
| Cisco AnyConnect Secure Mobility Client 4.5 Download Links (0) | 2019.03.24 |
| libmysqlclient.so.16 help (SOLVED) (0) | 2018.06.18 |
| unexpected 'use' (T_USE) when trying to use composer (0) | 2018.06.14 |