yawnmoth

I'm trying to set a few PHP directives and am having some difficulty doing so.

I add "php_value magic_quotes_gpc 0" to .htaccess and I get an Error 500. This article, however, suggests that that's because PHP is running as CGI - not as mod_php. As an alternative, it suggests to create a php.ini file in the directory I'd like the setting to be valid for. So I try creating php.ini with the following:

But it doesn't help. magic_quotes_gpc is still enabled.

I could use ini_set as the article suggests but I shouldn't have to modify PHP files to get them to work on this host. What happens if I want to upgrade? I'll have to hand modify every file every time I want to upgrade? I think that's dumb. Modifications are one of the chief reasons people don't upgrade in the first place - it's too much work to reapply all their modifications so they don't - and they just end up running insecure versions of software forever.

Also, I could, in theory, use a different software package, because, "obviously", this wouldn't be an issue with a "good" one, but I reject the notion that "good" or "bad" is so black and white.

All I'm interested in doing is changing the PHP directories, without using ini_set. Any ideas?

ttorion

What version of PHP is on your server?

My server was recently upgraded to 5.2.6 but the previous version would not read the local php.ini file values. I can't remember what that version number was though.

__________________
www.w5qgg.org
SH71
www.n5na.net
SH88

yawnmoth

I'm running 5.2.6, as well.

One thing I'm curious about with php.ini... if you place it in some directory, will all sub directories inherit those same settings? With .htaccess, all sub directories inherit settings, although for php.ini, my own tests suggests that this is not the case.

This seems less than ideal. If I have, say, 10 directories, placing a php.ini file in each one of these seems less preferable to placing one file in the directory containing all those directories...

patrickb

.htaccess and php.ini files related to two different systems. The .htaccess is an apache related file (the web server) and it is designed with directory/subdirectory hiearchy in mind. php.ini is a php configuration that is specific to PHP and was not designed with the hiearchy in mind. It is designed to allow you to override specific settings on a per directory basis, but does not retain the hiearchy structure in the same way that a .htaccess file would.

Checkout this link PHP: Disabling Magic Quotes - Manual There should be a few hints in there to get you where you are going.

__________________
Patrick

Warnings: The program(s) might crash unexpectedly or behave otherwise strangely. (But of course, so do many commercial programs on Windows.) --www.gimp.org

yawnmoth

On that note, why is SurpassHosting evening running PHP via CGI and not mod_php? I was under the impression mod_php was faster?

CoasterBGW

If I recall correctly, they are running php4 and php5 concurrently. One is running as mod_php and the other as CGI.

__________________
Matt Rydzik
http://coaster-net.com "Your Guide to the World of Extreme Thrills!"
COASTER-net Dedicated:

yawnmoth

*.php appears to be, by default, associated with php5, and *.php4 with php4.

That suggests that the more common extension - *.php - is running using a slower method than the less common extension - *.php4?

Seems kinda counter intuitive to me?

Kayla

We run our php based on what is secure, not what could be a few seconds faster. We run php as the username on both 4/5. Soon we will not even run 4 at all on new servers.

__________________

yawnmoth

So you're saying that PHP5 is more secure when run via CGI and not mod_php? And that PHP4 is exactly the opposite?

That seems... strange.

Might I ask why? Even if it's non-negotiable, I'd still like to know, for the purposes of expanding my knowledge.