2 questions about php

Portal Home > Knowledgebase > Articles Database > 2 questions about php

Posted by madpato, 09-01-2008, 03:51 PM
Hi i have 2 questions about php that i would appreciate some assistance: 1. I have a customer who blames me that i dont have ini_set enabled on my server, so i go to my php.ini but i dont find anything called "ini_set" so i suppose that i have to create it, ¿but where?. Maybe i'm totally wrong, that's why im asking. 2. Some dumb customers want register globals for their site, and despite i tell them that is very insecure... they keep telling me that i have to enable it. So is there any way to set register globals for just one site and not the entire server? I know that in php 4 it can be done, but in php 5 i can't find anything similar. Hope you can help me with any of these... thanks.
Posted by The Universes, 09-01-2008, 04:31 PM
1. Do you have safemode on? 2. I assume your using Apache? Just put this in the config for your vhost: Again, your correct in that its insecure and should never be turned on....
Posted by madpato, 09-02-2008, 05:26 PM
no i dont have safe mode on... and i do use apache, i will try with that. So how do i enable ini_set?
Posted by RBBOT, 09-02-2008, 08:05 PM
If you do turn on register globals, you risk malicious code being uploaded to your server, which may impact more than just their site. The fact they are insisting it is turned on mean they are using code that is old, bad, or both.
Posted by koithara, 09-02-2008, 11:00 PM
To set php variables like register_globals/ safe_mode etc for a specific user you may use the file .htaccess.. However to get that done, your php should have to be compiled as Apache Module. And the code in .htaccess should be like : And if php is compiled as CGI Module, then you may edit these variables for a user by putting a copy of your php.ini to the corresponding users home directory and change the respective variable there. To find out the method in which PHP is compiled on your server, you may put a phpinfo page. For this open up a file with extension .php and the entry should be :
Posted by larwilliams, 09-02-2008, 11:12 PM
No coder worth there salt should ever need ini_set, or register_globals to be enabled. If your customers want basic register_globals emulation, tell them to use this snippet of code at the beginning of their .php pages, preferably as part of an include():
Posted by madpato, 09-05-2008, 10:29 AM
thank you so much for the information. This will be helpful. One last question, if i enable RG does that mean that i have enabled ini_set?? because so far i can enable RG but i still can't enable ini_set. I tell them in many ways that ini_set and RG are dangerous, but what can i do, they get angry... i'm just an employee... i don't own the server. :'(
Posted by madpato, 09-05-2008, 10:33 AM
damn double post >.< srry Thank you for the info, i will try the methods that you posted. But one question, does enabling RG means that i enable ini_set? because i can enable RG but still nothing about ini_set. BTW my customers are getting mad about the damn ini_set, i don't know how to tell them that it is a bad choice ¬¬ seems they are lazy coders... don't wanna upgrade.
Posted by larwilliams, 09-05-2008, 10:35 AM
No. register_globals and ini_set are enabled in different ways. In your php.ini, find a line starting with "disabled_functions=" and remove ini_set from the list. Consider most php scripts, of any measurable size, usually include a common file at their beginning, you could insert the code above into the top of that file and they would then have no need for register_globals (which I expect will go away in PHP6 regardless).

Add to Favourites Print this Article