Some .htaccess Rules To Improve PHP Portability

5th December 2008 - 5 minutes read time

PHP is a powerful tool, but if you create any piece of software there are one or two things that you should never rely on.

A good example is using PHP short tags. This is a short hand way of stating that this block are to be parsed as PHP. This is an example of a normal tag.

<?php echo 'Hello World'; >

Here is the same code using short tags.

<? echo 'Hello World'; >

Another alternative, if you just want to print the output of a variable, is to use the following.

<?='Hello World'; >

The short tags setting can be turned on or off in the php.ini file. If you create an application that relies on these short tags then you will find that on some systems the short tags setting is turned off, which means that your software will simply not work.

You can force PHP to set this setting to on by using the following rule in your .htaccess file on an Apache server.

php_flag short_open_tag on

Note that this probably works with other servers that use .htaccess but I haven't been able to test it. Two other things that are useful to turn off are register globals and magic quotes.

php_flag magic_quotes_gpc off
php_flag register_globals off

The register_globals setting should be turned off on any server due to security reasons, but relying on magic quotes being turned on is equally as dangerous. As a rule you should always treat anything from the user as potentially dangerous, but turning this magic quotes off will allow you to be absolutely certain that your string is properly escaped. The problem comes when you escape a string and magic quotes is turned on. You tend to find your database input has multiple slashes.

PHP5 (when using certain functions) requires that you set your timezone, you can do this by using the following rule.

php_value date.timezone "UTC"

If you are testing your PHP code then you can use the following two rules to turn on error reporting and display errors.

php_value error_reporting "8191"
php_value display_errors "1"

To turn this off just change the display_errors setting to 0. You would want to do this on a production server!

Finally, one last little fix is to make sure that the server doesn't allow users to simple surf the contents of your directories. The following .htaccess rule will prevent Apache from showing the contents of a directory.

# Security: Don't allow browsing of directories
Options -Indexes

This is almost always turned off, but it is better to be safe and include it.

PHP

Comments

thank you...

Submitted by guru on Thu, 01/30/2014 - 05:57

Permalink

Add new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
14 + 2 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Related Content

Recreating Spotify Wrapped In PHP

17th March 2024

I quite like the end of the year report from Spotify that they call "Wrapped". This is a little application in which they tell you what your favorite artist was and what sort of genres you listened to the most during the year.

Read more

Should A Constructor Throw An Exception?

18th February 2024

Let's say you had a class that you wanted to use, but there was some sort of error in creating the object. This might be that the wrong parameters were passed, or the third party service (eg. a database) wasn't available at the time of creation.

Read more

PHP Question: Variable Reference

10th December 2023

Question

What does the following code print out?

function arrayPrint($array)
{
   echo implode(' ', $array);
}

$arrayA = [1, 2, 3];
$arrayB = $arrayA;
$arrayB[1] = 0;
arrayPrint($arrayA);

Read more

Creating An Authentication System With PHP and MariaDB

15th October 2023

Using frameworks to handle the authentication of your PHP application is perfectly fine to do, and normally encouraged. They abstract away all of the complexity of managing users and sessions that need to work in order to allow your application to function.

Read more

Creating Sparklines In PHP

17th September 2023

A sparkline is a very small line graph that is intended to convey some simple information, usually in terms of a numeric value over time. They tend to lack axes or other labels and are added to information readouts in order to expand on numbers in order to give them more context.

Read more