How to Override PHP Configuration Options

configure PHPConfiguring PHP is easy. You can change almost any aspect of the interpreter within the php.ini configuration file, e.g. modify error handling, increase memory usage, etc.

Unfortunately, problems can occur when you move your application to a live hosting environment or are distributing the code to customers. ISPs usually lock down the php.ini configuration file — especially on shared hosting. This could cause your application to fail.

Fortunately, it’s not necessary to upgrade to an expensive dedicated server. The two methods below allow you to override PHP settings within your application.

Apache Module Directives

The majority of ISPs provide Apache web server hosting on Linux or Unix platforms. Hopefully, they’ve also granted “AllowOverride Options” or “AllowOverride All” privileges in Apache’s httpd.conf configuration. This allows you to create an .htaccess file within your application’s root folder overrides the default Apache and PHP configuration.

Two PHP directives are permitted within .htaccess:

  • php_flag <boolean-flag-name> on|off
  • php_value <flag-name> <flag-value>

php_flag should be used for on/off values, whereas php_value can be used for any others. For example, the following .htaccess file will disable globals, set the maximum file upload size to 20MB, and allow PHP scripts to run for 10 minutes (600 seconds):


php_flag register_globals off
php_value upload_max_filesize 20M
php_value max_execution_time 600

However, the solution will not work in all Apache installations or other web servers such as IIS.

PHP Runtime Configuration

A more portable, server-agnostic solution is PHP’s ini_set function. — it allows you to change a setting within your application at runtime. The function accepts two arguments: ini_set(flag-name, flag-value), e.g.


<?php
ini_set('register_globals', 0);
ini_set('upload_max_filesize', '20M');
ini_set('max_execution_time', 600);
?>

Booleans, numbers and strings can be used interchangeably — PHP will attempt to cast the value to an appropriate type.

Several related functions are available:

ini_get(flag-name)
Returns the configuration value. I’d recommend checking your configuration change and taking appropriate action. Don’t assume ini_get() will always work.

ini_get_all([extension])
Returns all configuration values as an associative array. The optional extension parameter returns options specific to that extension, e.g. ‘allow_url_fopen’.

get_cfg_var(flag-name)
Returns the original configuration value from php.ini (not any overrides set in .htaccess or by ini_set).

ini_restore(flag-name)
Returns a configuration option to its original value.

Coming soon: How to Handle Unloaded PHP Extensions.

Has PHP configuration ever caused you problems when porting an application to another server?

Free book: Jump Start HTML5 Basics

Grab a free copy of one our latest ebooks! Packed with hints and tips on HTML5's most powerful new features.

  • Troels Knak-Nielsen

    You should note php_admin_value and php_admin_flag, which acts like php_value and php_flag, except that they can’t be overridden later on. If an ini setting is set with these in the main Apache config file, it can lead to some head-scratching.

  • robo47

    Changing things at runtime is often not working/helping, the examples above are bad and you should check ini_set’s return-values!

    Setting upload/post-sizes/register_globals IN the script can’t work because post/upload/register_globals-processing takes place before the php-script itself runs.

    That’s why those values are PHP_INI_PERDIR and not PHP_INI_USER or PHP_INI_ALL.

    In fact the articles misses the most important point, you have have to check the manual

    http://www.php.net/manual/en/ini.list.php

    which variables are settable where, some will be only in php.ini, some in vhosts, some in .htaccess.
    The explanations for what stands for what:
    http://www.php.net/manual/en/configuration.changes.modes.php

    Max values can be limited too by for example security-extensions like suhosin, resulting in warnings/errors.

  • biswa

    I love the article,very helpful for new Guy.

  • RavenWebServices

    You should also note that if you run PHP with phpsuexec or suphp then you cannot use .htaccess to override the global php.ini file. You must use a local version of php.ini

  • Sheena Rai

    Thankx This php Configuration Really Helped Me.. I Had A Tough Time With THis
    This would surely enhance my web development skills
    Sheena Rai Technetto

  • kira8080

    seems too good to be true…?

  • djn

    Putting PHP directives into a .htaccess only works if PHP is running as an Apache module – otherwise you can expect a 500 error.
    Phpsuexec and suphp both require PHP running as CGI – and that’s the reason the vast maiority of shared servers has it running as CGI.