Posted by Richard Lynch on 01/06/05 19:46
Steve Kieu wrote:
> I am trying to debug the problem I have; which is that php seems to
> ignore all php_value I set in httpd.conf. Example I have:
> but when I access http://10.0.44.254:800/some_upload.php
> it still sees that the file upload size if 2M (set in global php.ini).
> If I comment out in php.ini; it doesn't have a value at all.
> Is it a bug in apache or php or I missed something when compiling them?
> apache-1.3.33 PHP 4.3.10.
Most flags/values can be set in httpd.conf *OR* php.ini, and over-ridden
in .htaccess, and over-ridden again in your PHP script.
I don't know for sure either way what it means to try and set something in
both httpd.conf and php.ini in general -- In most cases, the person who
has access to either has access to both and can just set it in ONE place
the way they want and move on with life. So I suspect that you're only
supposed to set it in php.ini *OR* httpd.conf
Note, however, that the particular setting you are using,
upload_max_filesize is one of the "oddball" settings that can *NOT* be
over-ridden in .htaccess nor in your PHP script with ini_set (nor in the
ancient mechanism of adding a special HIDDEN INPUT to your FORM (see the
File Upload Feature) of the PHP manual.
The reason in this case is political/business: An ISP/host who wants to
avoid a DOS attack by monster files being uploaded most likely doesn't
want their clients to *over-ride* their DOS protection. Thus, PHP simply
doesn't allow you to over-ride the setting.
You can see which settings are valid in which place (php.ini, httpd.conf,
..htaccess, ini_set) in the PHP manual.
I'm also not sure that Apache/PHP can handle "20M" in httpd.conf
I'm not real sure where/when the "20M" gets converted to 20000000 in the
But if the PHP code that *reads* php.ini is doing the conversion, then
putting "20M" in httpd.conf ain't gonna work.
If the "20M" is interpreted at a later point in the process, then it
should work in httpd.conf
So perhaps the real trouble here is that you need 20000000 instead of 20M
Trying to change upload_max_filesize in .htaccess (or with ini_set) will
I do think that the INPUT HIDDEN still "works" but PHP takes the *MINIMUM*
of the ISP's setting (in php.ini/httpd.conf) and the script (in HTML)
You can *NOT* over-ride your host's anti-DOS setting.
[Reply to this message]