Runtime Configuration

The behaviour of these functions is affected by settings in php.ini.

PHP Options/Info Configuration Options
Name Default Changeable Changelog
assert.active "1" INI_ALL Deprecated as of PHP 8.3.0
assert.bail "0" INI_ALL Deprecated as of PHP 8.3.0
assert.warning "1" INI_ALL Deprecated as of PHP 8.3.0
assert.callback NULL INI_ALL Deprecated as of PHP 8.3.0
assert.quiet_eval "0" INI_ALL Removed as of PHP 8.0.0
assert.exception "1" INI_ALL Prior to PHP 8.0.0, defaults to "0". Deprecated as of PHP 8.3.0
enable_dl "1" INI_SYSTEM This deprecated feature will certainly be removed in the future.
max_execution_time "30" INI_ALL  
max_input_time "-1" INI_PERDIR  
max_input_nesting_level "64" INI_PERDIR  
max_input_vars 1000 INI_PERDIR  
zend.enable_gc "1" INI_ALL  
For further details and definitions of the INI_* modes, see the Where a configuration setting may be set.

Here's a short explanation of the configuration directives.

assert.active bool

Enable assert() evaluation. zend.assertions should be used instead to control the behaviour of assert().

Warning

This feature has been DEPRECATED as of PHP 8.3.0. Relying on this feature is highly discouraged.

assert.bail bool

Terminate script execution on failed assertions.

Warning

This feature has been DEPRECATED as of PHP 8.3.0. Relying on this feature is highly discouraged.

assert.warning bool

Issue a PHP warning for each failed assertion.

Warning

This feature has been DEPRECATED as of PHP 8.3.0. Relying on this feature is highly discouraged.

assert.callback string

User function to call on failed assertions.

Warning

This feature has been DEPRECATED as of PHP 8.3.0. Relying on this feature is highly discouraged.

assert.quiet_eval bool
Warning

This feature was REMOVED as of PHP 8.0.0.

Use the current setting of error_reporting() during assertion expression evaluation. If enabled, no errors are shown (implicit error_reporting(0)) while evaluation. If disabled, errors are shown according to the settings of error_reporting()

assert.exception bool

Issue an AssertionError exception for the failed assertion.

Warning

This feature has been DEPRECATED as of PHP 8.3.0. Relying on this feature is highly discouraged.

enable_dl bool

This directive allows to turn dynamic loading of PHP extensions with dl() on and off.

The main reason for turning dynamic loading off is security. With dynamic loading, it's possible to ignore all open_basedir restrictions. The default is to allow dynamic loading.

max_execution_time int

This sets the maximum time in seconds a script is allowed to run before it is terminated by the parser. This helps prevent poorly written scripts from tying up the server. The default setting is 30. When running PHP from the command line the default setting is 0.

On non Windows systems, the maximum execution time is not affected by system calls, stream operations etc. Please see the set_time_limit() function for more details.

Your web server can have other timeout configurations that may also interrupt PHP execution. Apache has a Timeout directive and IIS has a CGI timeout function. Both default to 300 seconds. See your web server documentation for specific details.

max_input_time int

This sets the maximum time in seconds a script is allowed to parse input data, like POST and GET. Timing begins at the moment PHP is invoked at the server and ends when execution begins. The default setting is -1, which means that max_execution_time is used instead. Set to 0 to allow unlimited time.

max_input_nesting_level int

Sets the max nesting depth of input variables (i.e. $_GET, $_POST.)

max_input_vars int

How many input variables may be accepted (limit is applied to $_GET, $_POST and $_COOKIE superglobal separately). Use of this directive mitigates the possibility of denial of service attacks which use hash collisions. If there are more input variables than specified by this directive, an E_WARNING is issued, and further input variables are truncated from the request.

zend.enable_gc bool

Enables or disables the circular reference collector.

add a note add a note

User Contributed Notes 4 notes

up
21
rubo77
11 years ago
I think it is important to mention that some distributions apply bugfixes for older versions so "Available since PHP 5.3.9" is not reliable, for example:
debian squeeze implemented the directive max_input_vars in PHP 5.3.3-7+squeeze7 (see http://ftp-master.metadata.debian.org/changelogs/main/p/php5/php5_5.3.3-7+squeeze17_changelog )
up
1
csongor at halmai dot hu
4 years ago
The max_input_vars setting is defined as "How many input variables may be accepted" but this is not completely correct. There is a +1 factor.

For example, if the value is 2 then the $_POST array can have up to 3 elements, if it is 1000 then it can have 1001 elements, and so on.

I want to stop the execution of the php code when there is a chance that some data was not received. Therefore, instead of relying on the standard E_WARNING, I do this in my code.

<?php
$max_input_vars
= ini_get('max_input_vars');
if (
count($_POST) === $max_input_vars + 1) {   // note the +1 here
   
throw new Exception();
}
?>

If the size of the $_POST array reaches the maximum then there is the chance that there was more data so it is better to stay on the safe side and increase the config value.
up
-4
horst at pepperzak.com
13 years ago
Caution: Although magic_quotes_gpc is flagged as dreprecated the default value is still "ON". So you will explicitly have to put

magic_quotes_gpc = Off

into your php.ini. Commeting out the magic_quotes_gpc-line will not turn magic_quotes_gpc off.
up
-86
Anonymous
10 years ago
The max_input_vars limit can be overcome by reading the input in raw, i.e.:
<?php
  $sRawInputData
= fopen( 'php://input' );
?>
To Top