PHP: php_value vs php_admin_value and the use of php_flag explainedMattias Geniar, Saturday, February 18, 2012
Back in 2009 there was a bug in the php_admin_value implementation before PHP 5.2.6. Since then, everything should run smoothly again. However, I find there's still a lot of confusion on when to use php_value, php_admin_value, php_flag and php_admin_flag. So I'll see if we can clear some of that.
When using the php_flag directive in Apache configurations, it's used to set boolean values for options. So only true/false, On/Off, ... kind of parameters. For example:
php_flag display_startup_errors off php_flag display_errors off ...
Those are only On/Off values with which you enable or disable the setting. You can use the php_flag option in Virtual Host configs, .htaccess files and the general Apache configuration. However, you can 't change every configuration value from PHP that way. You can only change the PHP_INI_ALL and PHP_INI_PERDIR options shown on the "List of php.ini directives" page.
This can only be used within the Apache configuration (general config or in a Virtual Host) and can not be used in a .htaccess. You can set any kind of php configuration setting that behaves as a boolean this way. For example:
php_admin_flag safe_mode off
By using the php_admin_flag you can not overwrite the setting from within your application using ini_set()! Whatever the value is there, it will remain so during the execution of your applications.
If php_flag is used for booleans, php_value is used for everything else. Any kind of configuration directive that takes parameters other than On/Off, you can use php_value for. For example:
php_value error_log /some/dir/to/log/php_errors.log php_value upload_max_filesize 10M ...
Just the same as the php_flag, you can not overwrite all configurations this way. Since you can use php_value everywhere (.htaccess, apache configs & virtual host), it would be unsafe. You can only change the PHP_INI_ALL and PHP_INI_PERDIR options shown on the "List of php.ini directives" page.
If you want to clear a configuration value, use the "none" value.
php_value open_basedir none
This option can only be used in the Apache configuration, not in .htaccess files. It does allow you to overwrite any configuration value possible in PHP.
By using the php_admin_value, the value of that configuration directive cannot be overwritten in the application. That means if you were to set your include_path by using php_admin_value, the application (such as the Zend Framework bootstrap) would not be able to alter the content of that configuration directive via ini_set() or set_include_path().
Only use the php_admin_value if you explicitly want to forbid that configuration directive from being changed by your application.