I subscribe to a few rss feeds relating to PHP and over today I've seen quite a few posts coming through highlighting the work of Damien Seguy from nexen.net in his latest project to gather statistics on PHP configuration settings. These include a post at
ThinkPHP,
Chris Shifletts blog and
Professional PHP.
They each have something to add . . .
ThinkPHP
- Register globals is still being used
- It's not a good idea to have a phpinfo file publicly available
Chris Shiflett
- magic_quotes_gpc is commonly enabled
- display_errors is also commonly enabled - ok in development but shouldn't be used in production
The Professional PHP post is the most comprehensive with some significant commentary and discussion. Because of its breadth I won't summarize it here but I would recommend you read the post. It is a useful addition to the main statistics, especially for anyone developing a project they want to be reusable on a variety of platforms.
The first article looking at the statistics gathered is
available here.
