PHP: php_value vs php_admin_value and the use of php_flag explained

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Profile image of Mattias Geniar

Mattias Geniar, February 18, 2012

Follow me on Twitter as @mattiasgeniar

Back in 2009 there was a bug in the php_admin_value implementation before PHP 5.2.6. Since then, everything should run smoothly again. However, I find there’s still a lot of confusion on when to use php_value, php_admin_valuephp_flag and php_admin_flag. So I’ll see if we can clear some of that.

php_flag

When using the php_flag directive in Apache configurations, it’s used to set boolean values for options. So only true/false, On/Off, …  kind of parameters. For example:

php_flag display_startup_errors off
php_flag display_errors off
...

Those are only On/Off values with which you enable or disable the setting. You can use the** php_flag**  option in Virtual Host configs, .htaccess files and the general Apache configuration. However, you can ‘t change every configuration value from PHP that way. You can only change the **PHP_INI_ALL** and **PHP_INI_PERDIR** options shown on the “List of php.ini directives” page.

php_admin_flag

This can only be used within the Apache configuration (general config or in a Virtual Host) and can not be used in a .htaccess. You can set any kind of php configuration setting that behaves as a boolean this way. For example:

php_admin_flag safe_mode off

By using the php_admin_flag you can not overwrite the setting from within your application using ini_set()! Whatever the value is there, it will remain so during the execution of your applications.

php_value

If php_flag is used for booleans, php_value is used for everything else. Any kind of configuration directive that takes parameters other than On/Off, you can use php_value for. For example:

php_value error_log  /some/dir/to/log/php_errors.log
php_value  upload_max_filesize  10M
...

Just the same as the php_flag, you can not overwrite all configurations this way. Since you can use php_value everywhere (.htaccess, apache configs & virtual host), it would be unsafe. You can only change the PHP_INI_ALL and PHP_INI_PERDIR options shown on the “List of php.ini directives” page.

If you want to clear a configuration value, use the “none” value.

php_value open_basedir none

php_admin_value

This option can only be used in the Apache configuration, not in .htaccess files. It does allow you to overwrite any configuration value possible in PHP.

By using the php_admin_value, the value of that configuration directive cannot be overwritten in the application. That means if you were to set your include_path by using php_admin_value, the application (such as the Zend Framework bootstrap) would not be able to alter the content of that configuration directive via ini_set() or set_include_path().

Only use the php_admin_value if you explicitly want to forbid that configuration directive from being changed by your application.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.