Error warnings for PHP are helpful during development, where you can use them for debugging. Showing the same errors and warnings in a production environment could pose a security …
Read More
PHP allows specific functions to be disabled to avoid misuse and for security reasons. It is used to harden a PHP deployment, especially in a shared hosting environment.
The max_execution_time directive defines the maximum execution time for your PHP scripts and applications. If not configured, the default maximum execution time for a PHP script is 30 seconds. …
Read More
Some PHP functions could be a security risk if allowed in a system. These functions include exec(), which could be used to execute shell commands in a system if …
Read More
PHP scripts are only allocated a certain amount of memory that it can use, and whet it reaches the limit, it will produce the following error;
PHP Fatal error: Allowed memory size of xxxx bytes exhausted (tried to allocate yyyy) in yourscript.php
To fix this, you’ll need to increase the memory limit for PHP scripts using any of the following methods;
Maximum upload file size for PHP is bound to the lowest value of both post_max_size and upload_max_filesize directives in your configuration. post_max_size affects maximum file upload size as file upload is normally an HTTP POST operation.
post_max_size
Maximum size of POST data that PHP will accept.
Its value may be 0 to disable the limit.
It is ignored if POST data reading is disabled through enable_post_data_reading.
upload_max_filesize
Maximum allowed size for uploaded files.
You can update your PHP configuration file for these two directives to the values that fit your requirement and then restart your web server.
The following example allows for file upload of not more than 200MB.
post_max_size = 200M upload_max_filesize = 250M
Alternatively, you can add the following lines in your .htaccess and the setting will apply to scripts from within the .htaccess‘ directory.
php_value upload_max_filesize 200M php_value post_max_size 250M
Restart Apache for the changes to take effect.
Here are some ways that you can check the installed version of PHP in your system;
php -v from the command line.
$ php -v PHP 7.0.19 (cli) (built: Jun 21 2017 07:13:57) ( NTS ) Copyright (c) 1997-2017 The PHP Group Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
php -i from the command line.
$ php -i | grep "PHP Version" PHP Version => 7.0.19 PHP Version => 7.0.19
PHP_VERSION_ID from PHP script.
<?php echo PHP_VERSION_ID; //Sample output: 70019 ?>
phpversion() output from PHP script.
<?php echo phpversion(); //Sample output: 7.0.19 ?>
phpinfo() output
<?php phpinfo(); ?>
PHP packages are installed from. Here’s a list of some common package managers and the corresponding commands; | Platform | Location |
|---|---|
| homebrew | brew list –versions php |
| Debian/Ubuntu | |
| RedHat/CentOS |
You could get the following warning if timezone is not configured for PHP when using date related function such as date() or date_default_timezone_get().
Warning: date(): It is not safe to rely on the system’s timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone ‘UTC’ for now, but please set date.timezone to select your timezone. in /path/to/your/script.php on line 3
You can configure timezone for PHP by setting up date.timezone in your configuration file to any of the supported timezones. You can view the list of supported timezones from PHP‘s official documentation.
The following example sets the timezone to America/Los_Angeles
[Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone date.timezone = America/Los_Angeles
If you’re using PHP 5.1.0 or later, you can you can independently set the timezone for each of your PHP script by calling the date_default_timezone_set function with the timezone as the parameter.
bool date_default_timezone_set ( string $timezone_identifier )
The example below sets the timezone for the rest of the script to America/Los_Angeles.
<?php date_default_timezone_set('America/Los_Angeles'); ?>
Don’t forget to restart your webserver after changing the PHO configuration file for the changes to take effect.
PHP will exit with the following error once it reaches the maximum allowed time for it to execute your scripts;
Fatal error: Maximum execution time of 30 seconds exceeded in yourscript.php
30 seconds is the default timeout, if not specifically configured.
You can avoid this error by increasing the maximum execution time for PHP. This can be set globally or from within your PHP scripts from these options;
PHP‘s configuration file location might differ from one platform to another. Here’s an incomplete list of the possible location for PHP‘s configuration file;
| Platform | Location |
|---|---|
| xampp | {installation directory}/php/php.ini |
| macOS | /private/etc/php.ini |
| Ubuntu < 16.10 | /etc/php5/{cli,apache2,cgi}/php.ini |
| Ubuntu >= 16.10 | /etc/php7/{cli,apache2,cgi}/php.ini |
| RedHat/CentOS/Fedora | /etc/php.ini |
If you’re on a Unix based operating system, you can run php -i from the terminal and look for Loaded Configuration File from the output to get the location for your exact system such as the following;
$ php -i | grep 'Loaded Configuration File' Loaded Configuration File => /etc/php.ini