Php.ini configuration directives
A number of configuration directives are supported in the php.ini file, which can be used to alter the behavior when PHP scripts run. There are a few directives specific to the runtime for PHP in CICS® TS Feature Pack for Dynamic Scripting V2.0.
CICS TS Feature Pack for Dynamic Scripting V2.0 specific configuration directives
| Directive | Explanation | Default Value |
|---|---|---|
code_cache |
Enables the use of an in-memory cache of compiled PHP code, which eliminates the parsing of a compilation step for the second and subsequent run of a PHP file. It provides a performance improvement for repeatedly executed files. Extra heap space is required to hold this cache. The space that is required is dependent on the number and complexity of files that it holds. |
On |
code_cache_limit |
Sets a limit on the number of files that are held in the code cache. When this limit is reached, entries are removed on a least recently used basis. |
400 |
map_locals |
Specifies that local variables are always available in a map data structure. This directive disables some performance optimization to ensure that the context parameter is always completed when a user error handler is invoked. |
Off |
optimization_level |
Sets the level of optimization that is performed on the PHP code when it is compiled for execution. The default value provides the best performance while, at the same time, being safe for all applications. It can be set to int to force interpreted execution, which performs more slowly. |
2 |
persistent_code_cache |
Enables the use of a file system store of compiled PHP code, as an extension of the memory-based code cache. It is not limited in size and persists over application stops and recycle events. |
Off |
persistent_code_cache_dir |
Specifies the directory in which the persistent code cache is written. |
. |
Standard php.net configuration directives
| Directive | Explanation | Supported | Default Value | Differences |
|---|---|---|---|---|
allow_call_time_pass_reference |
Whether to enable the ability to force arguments to be passed by reference at function call time. This method is deprecated and is likely to be unsupported in future versions of PHP. Instead, specify which arguments are passed by reference in the function declaration. A warning is issued each time that this feature is used, and the argument is passed by value instead of by reference. |
No |
Off |
Call time pass by reference is not supported. |
arg_separator.input |
List of separators that are used by PHP to parse
input URLs into variables.
Note: Every character in this directive
is considered a separator.
|
Yes |
& |
|
arg_separator.output |
The separator that is used in PHP generated URLs to separate arguments. |
Yes |
& |
|
asp_tags |
Allow ASP-style |
Yes |
Off |
|
auto_globals_jit |
When enabled, the SERVER and ENV variables are created when they are first used (Just In Time) instead of when the script starts. If these variables are not used within a script, having this directive on results in a performance gain. The PHP directives register_globals, register_long_arrays, and register_argc_argv must be disabled for this directive to be effective. |
No |
On |
|
date.default_longitude |
date.default_latitude = 31.7667 |
Yes |
||
date.sunset_zenith |
date.sunrise_zenith = 90.583333 |
Yes |
||
date.timezone |
Defines the default timezone that is used by the date functions. |
Yes |
||
disable_classes |
This directive enables certain classes to be
disabled for security reasons. It receives a comma-delimited list
of class names.
Note: This directive is not affected by whether Safe
Mode is on or off.
|
No |
||
disable_functions |
This directive
enables certain functions to be disabled for security reasons. It
receives a comma-delimited list of function names.
Note: This directive
is not affected by whether Safe Mode is on or off.
|
No |
||
display_errors |
Print errors (as a part of the output). Possible values for display_errors are as follows:
Important: For production websites, turn this feature
off, and use error logging instead. Enabling display_errors on
a website might reveal security information to users, such as file
paths, database schema, or other information.
|
Yes |
On |
Value of stderr is not supported. |
display_startup_errors |
Even when display_errors is on, errors that occur during the PHP startup sequence are not displayed. Use display_startup_errors only when debugging errors. |
Yes |
Off |
|
docref_ext |
If html_errors is set On, PHP produces clickable error messages that direct the user to a page that describes in detail the error, or function that is causing the error. You must specify the file extension being used including the dot. |
Yes |
||
docref_root |
You can download the PHP manual from php.net in your language and set this directive to the URL of your local copy.
Note: This is
a feature to support development as it makes it easy to look up a function description. Do not use
this feature on production systems.
|
Yes |
||
enable_dl |
Whether to enable the dl() function. |
Yes |
On |
|
error_append_string |
String to output after an error message. |
Yes |
||
error_log |
Log errors to specified file. |
Yes |
A value of syslog is not supported. |
|
error_prepend_string |
String to output before an error message. |
Yes |
||
error_reporting |
Sets the error reporting level. See error_reporting on php.net for an explanation of the various settings. |
Yes |
E_ALL & ~E_NOTICE & ~E_STRICT |
|
expose_php |
Decides whether PHP can expose the fact that it is installed on the server (for example, by adding its signature to the web server header). Expose PHP is not a security risk, but it makes it possible to determine whether PHP is in use on the server. |
No |
Off |
|
extension |
Which dynamically loadable extensions to load when PHP starts up. |
Yes |
||
extension_dir |
Directory in which the native loadable extensions (modules) reside. The JVM variable java.library.path is also searched for native loadable extensions. Java™ loadable extensions are found by using the class path and not this directive. |
Yes |
Only used to find native loadable extensions (.so modules) and not extensions that are written in Java. Native loadable extensions can also be in a directory that is specified on the java.library.path. |
|
file_uploads |
Whether to allow HTTP file uploads. |
No |
On |
|
gd.jpeg_ignore_warning |
Tell the jpeg decode to ignore libjpeg warnings and try to create a gd image. The warning is then displayed as notices disabled by default. |
Yes |
||
highlight.bg |
Colors for Syntax Highlighting mode. Anything
that is acceptable in |
Yes |
#FFFFFF |
|
highlight.comment |
Colors for
Syntax Highlighting mode. Anything that is acceptable in |
Yes |
#FF8800 |
|
highlight.default |
Colors for
Syntax Highlighting mode. Anything that is acceptable in |
Yes |
#0000BB |
|
highlight.html |
Colors for Syntax Highlighting mode. Anything that is acceptable in <span style="color: ???????"> is allowed. |
Yes |
#000000 |
|
highlight.keyword |
Colors for Syntax Highlighting mode. Anything
that is acceptable in |
Yes |
#007700 |
|
highlight.string |
Colors for Syntax Highlighting mode. Anything
that is acceptable in |
Yes |
#DD0000 |
|
html_errors |
Disable the inclusion of HTML tags in error
messages.
Note: This is a feature to support development as it makes
it easy to look up a function description. Do not use this feature
on production systems.
|
Yes |
On |
|
iconv.output_encoding |
iconv.input_encoding = ISO-8859-1iconv.internal_encoding = ISO-8859-1 |
No |
The iconv extension is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0 |
|
ignore_repeated_errors |
Do not log repeated messages. Repeated errors must occur in same file on same line unless ignore_repeated_source is set true. |
Yes |
Off |
|
ignore_repeated_source |
Ignore source of message when ignoring repeated messages. When this setting is On, you will not log errors with repeated messages from different files or source lines. |
Yes |
Off |
|
ignore_user_abort |
If enabled, the request is allowed to complete even if the user cancels the request. Consider enabling ignore_user_abort if a long request is executed, which might end up being interrupted by the user or a browser timing out. |
No |
On |
|
implicit_flush |
Implicit flush tells PHP to tell the output
layer to flush itself automatically after every output block, which
is equivalent to calling the PHP function flush() after
every call to print() or echo() and
every HTML block.
Note: Turning on this option can have serious performance
implications. Use it for debugging purposes only.
|
Yes |
Off |
|
include_path |
Path to search for include files. |
Yes |
||
log_errors |
Logs errors to a log file (a server-specific log, stderr, or error_log). Use log_errors instead of display_errors for production systems. |
Yes |
Off |
|
log_errors_max_len |
Set maximum length of log_errors. In error_log information about the source is added. The default is 1024. A value of 0 means that no maximum length is applied. |
Yes |
1024 |
|
magic_quotes_gpc |
Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all single quotation mark, double quotation mark, back slash, and NULLs are escaped with a backslash automatically. |
Yes |
Off |
|
max_execution_time |
Maximum execution time of each script, in seconds. |
Yes |
30 |
|
max_input_nesting_level |
Maximum nesting of arrays that are created from POST/GET data |
Yes |
64 |
|
mbstring.internal_encoding |
Internal script encoding. Some encoding cannot work as internal encoding (for example, SJIS, BIG5, ISO-2022-*). |
Yes |
||
mysql.allow_persistent |
Allow or prevent persistent links. |
No |
The mysql extension is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0 |
|
mysql.connect_timeout |
Maximum time (in seconds) for connect timeout. A value of -1 means no limit |
No |
The mysql extension is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0 |
|
mysql.default_host |
Default host for mysql_connect(). |
No |
The mysql extension is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0 |
|
mysql.default_password |
Default password for mysql_connect(). |
No |
The mysql extension is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0 |
|
mysql.default_port |
Default port number for mysql_connect(). |
No |
The mysql extension is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0 |
|
mysql.default_socket |
Default socket name for local MySQL connects. |
No |
The mysql extension is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0 |
|
mysql.default_user |
Default user for mysql_connect(). |
No |
The mysql extension is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0 |
|
mysql.max_links |
Maximum number of links, persistent plus non-persistent. |
No |
The mysql extension is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0 |
|
mysql.max_persistent |
Maximum number of persistent links. |
No |
The mysql extension is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0 |
|
mysql.trace_mode |
Trace mode. |
No |
The mysql extension is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0 |
|
open_basedir |
open_basedir, if set, limits
all file operations to the defined directory and subdirectories.
Note: This
directive is not affected by whether Safe Mode is turned On or Off.
|
Yes |
||
output_buffering |
Output buffering permits the sending of header
lines (including cookies) even after you send body content, although
this can slow the PHP output layer. You can enable output buffering
during runtime by calling the output buffering functions. You can
also enable output buffering for all files by setting this directive
to On. If you want to limit the size of the buffer
to a certain size, you can use a maximum number of bytes instead of On,
as a value for this directive. For example, |
Yes |
Off |
|
output_handler |
You can redirect all of the output of your scripts
to a function. Setting any output handler automatically turns on output
buffering.
Note: If you write portable scripts, do not depend on the output_handler directive.
Instead, explicitly set the output handler by using ob_start().
|
Yes |
Off |
|
pcre.backtrack_limit |
PCRE library backtracking limit. |
Yes |
||
pcre.recursion_limit |
PCRE library recursion limit.
Note: If you set
this value to a high number, you might consume all of the available
process stack and cause PHP to fail.
|
Yes |
||
post_max_size |
Maximum size of POST data that PHP accepts. |
Yes |
8M |
|
precision |
The number of significant digits that are displayed in floating point numbers. |
Yes |
14 |
|
register_argc_argv |
Tells PHP whether to declare the argv and argc variables
(that would contain the GET information).
Note: For performance reasons,
if you do not use these variables, turn off register_argc_argv.
|
No |
Off |
|
register_globals |
Whether to register the EGPCS variables as global
variables. Turn off register_globals if you do
not want the global scope of your scripts to be cluttered with user
data. This makes most sense when coupled with track_vars,
in which case you can access all of the GPC variables through the $HTTP_*_VARS[] variables.
Important: Try to write scripts so that they do not require register_globals to
be on. Using form variables as globals can lead to possible security
problems if the code is not properly designed.
|
No |
Off |
|
register_long_arrays |
Tells PHP whether to register the deprecated
long $HTTP_*_VARS type predefined variables.
Note: If
you are not using long $HTTP_*_VARS type predefined
variables, for performance reasons turn them off.
|
No |
Off |
|
safe_mode |
Safe Mode |
No |
Off |
|
safe_mode_allowed_env_vars |
Setting certain environment variables might
be a potential security breach. This directive contains a comma-delimited
list of prefixes. In Safe Mode, the user can alter only environment
variables whose names begin with the prefixes supplied here. By default,
users are only able to set environment variables that begin with PHP_
(for example, PHP_FOO=BAR).
Important: If this directive
is empty, PHP allows the user to modify any environment variable.
|
No |
putenv() is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0, so no environment variables can be changed. |
|
safe_mode_exec_dir |
When Safe Mode is on, only executables that are in the safe_mode_exec_dir are allowed to be executed by the exec family of functions. |
No |
||
safe_mode_gid |
By default, Safe Mode does a UID compare check when opening files. If you want to relax the check to a GID compare, then turn on safe_mode_gid. |
No |
Off |
|
safe_mode_include_dir |
When Safe Mode is on, UID/GID checks are bypassed and files are included from this directory and its subdirectories. The directory must also be in the include_path or the full path must be used. |
No |
||
safe_mode_protected_env_vars |
This directive contains a comma-delimited list of environment variables that the user is unable to change by using putenv(). These variables are protected even if safe_mode_allowed_env_vars is set to allow them to be changed. |
No |
putenv() is not supported by CICS TS Feature Pack for Dynamic Scripting V2.0, so no environment variables can be changed. |
|
serialize_precision |
The number of significant digits that are stored while serializing floating point numbers. The default value ensures that when floats are decoded with unserialize, the data remains the same. |
Yes |
Off |
|
session.auto_start |
Initialize session on request startup. |
Yes |
||
session.cache_expire |
Time in minutes after which a document expires. |
Yes |
||
session.cache_limiter |
Set to {nocache,private,public,} to determine HTTP caching aspects or leave this empty to avoid sending anti-caching headers. |
Yes |
||
session.cookie_domain |
The domain for which the cookie is valid. |
Yes |
||
session.cookie_httponly |
Whether to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. |
Yes |
||
session.cookie_lifetime |
Lifetime in seconds of cookie or, if 0, until browser is restarted. |
Yes |
||
session.cookie_path |
The path for which the cookie is valid. |
Yes |
||
session.cookie_secure |
Specifies whether cookies are sent only over secure connections. |
Yes |
||
session.gc_divisor |
Define the probability that the garbage collection process is started on every session initialization. The probability is calculated by using gc_probability/gc_divisor. For example, 1/100 means that there is a 1% chance the GC process starts on each request. |
Yes |
||
session.gc_maxlifetime |
After this number of seconds, stored data will be seen as garbage and cleaned up by the garbage collection process. |
Yes |
||
session.gc_probability |
Define the probability that the garbage collection process is started on every session initialization. The probability is calculated by using gc_probability/gc_divisor. For example, 1/100 means that there is a 1% chance that the GC process starts on each request. |
Yes |
||
session.name |
Name of the session (used as cookie name). |
Yes |
||
session.referer_check |
Check HTTP_REFERER to invalidate externally stored URLs containing ids. HTTP_REFERER must contain this substring for the session to be considered as valid. |
Yes |
||
session.save_handler |
Defines the name of the handler that is used for storing and retrieving data that is associated with a session. |
Yes |
files |
|
session.save_path |
Argument that is passed to save_handler.
For files, save_handler is the path where data
files are stored. PHP does not create this directory structure automatically,
you can use the script in the ext/session directory
for that purpose.
Note: Refer to the information on garbage collection
if you choose to use subdirectories for session storage. The file
storage module creates files by using mode 600 by default. You can
change that by using
session.save_path = "N;MODE;/path,
where MODE is the octal representation of the mode. This does not
overwrite the process umask. |
Yes |
||
session.serialize_handler |
Defines the name of the handler which is used to serialize and deserialize data. The default is php. |
Yes |
||
session.use_cookies |
Whether to use cookies. |
Yes |
||
session.use_only_cookies |
This option enables administrators to make their users invulnerable to attacks that involve passing session ids in URLs. Defaults to 0. |
Yes |
||
short_open_tag |
Allow the
<? ?> tag. Otherwise,
only <?php ?> and <script> tags
are recognized. Note: Avoid short tags when you are developing applications
or libraries that are meant for redistribution, or deployment on PHP
servers that are not under your control. Short tags might not be supported
on the target server.
|
Yes |
Off |
|
track_errors |
Store the last error/warning message in $php_errormsg (boolean).
Note: track_errors can
significantly degrade performance. Do not use it on production systems.
|
Yes |
Off |
|
unicode.script_encoding |
Script encoding defines how the PHP file is encoded. This must be set correctly in order for string literals and PHP names, such as function, variable, and class names, to be correctly parsed by the runtime. |
Yes |
UTF-8 |
|
unicode.runtime_encoding |
Runtime encoding is used when a PHP string is converted into a Java string. Internally, the PHP runtime preserves the ability to store binary data in a PHP string, which is essential for full support of the PHP 5 language. The runtime encoding is used when a PHP string is explicitly converted to a Java string, such as when it is stored in the global context as described in PHP global context reference. |
Yes |
UTF-8 |
|
unserialize_callback_func |
The unserialize callback function is called (with the undefined class name as parameter), if the unserializer finds an undefined class that it expects to be instantiated. A warning is issued if the specified function is not defined, or if the function does not include or implement the missing class. Set this entry only if you want to implement such a callback-function. |
Yes |
||
upload_max_filesize |
Maximum allowed size for uploaded files. |
Yes |
2M |
|
upload_tmp_dir |
Temporary directory for HTTP uploaded files (uses system default if not specified). |
No |
||
user_dir |
The directory under which PHP opens the script by using /~username. Used only if nonempty. |
No |
||
y2k_compliance |
Enforce year 2000 compliance (causes problems with non-compliant browsers). |
No |
On |
|
zend.ze1_compatibility_mode |
Enable compatibility mode with Zend Engine 1 (PHP 4.x). |
No |
Off |