PHP: php_value vs php_admin_value and the use of php_flag explained

Back in 2009 there was a bug in the php_admin_value implementation before PHP 5.2.6. Since then, everything should run smoothly again. However, I find there's still a lot of confusion on when to use php_value, php_admin_valuephp_flag and php_admin_flag. So I'll see if we can clear some of that.


When using the php_flag directive in Apache configurations, it's used to set boolean values for options. So only true/false, On/Off, ...  kind of parameters. For example:

php_flag display_startup_errors off
php_flag display_errors off

Those are only On/Off values with which you enable or disable the setting. You can use the php_flag  option in Virtual Host configs, .htaccess files and the general Apache configuration. However, you can 't change every configuration value from PHP that way. You can only change the PHP_INI_ALL and PHP_INI_PERDIR options shown on the "List of php.ini directives" page.


This can only be used within the Apache configuration (general config or in a Virtual Host) and can not be used in a .htaccess. You can set any kind of php configuration setting that behaves as a boolean this way. For example:

php_admin_flag safe_mode off

By using the php_admin_flag you can not overwrite the setting from within your application using ini_set()! Whatever the value is there, it will remain so during the execution of your applications.


If php_flag is used for booleans, php_value is used for everything else. Any kind of configuration directive that takes parameters other than On/Off, you can use php_value for. For example:

php_value error_log  /some/dir/to/log/php_errors.log
php_value  upload_max_filesize  10M

Just the same as the php_flag, you can not overwrite all configurations this way. Since you can use php_value everywhere (.htaccess, apache configs & virtual host), it would be unsafe. You can only change the PHP_INI_ALL and PHP_INI_PERDIR options shown on the "List of php.ini directives" page.

If you want to clear a configuration value, use the "none" value.

php_value open_basedir none


This option can only be used in the Apache configuration, not in .htaccess files. It does allow you to overwrite any configuration value possible in PHP.

By using the php_admin_value, the value of that configuration directive cannot be overwritten in the application. That means if you were to set your include_path by using php_admin_value, the application (such as the Zend Framework bootstrap) would not be able to alter the content of that configuration directive via ini_set() or set_include_path().

Only use the php_admin_value if you explicitly want to forbid that configuration directive from being changed by your application.

Hi! This is a blog where I write down solutions to some of the problems I've faced when working as a sysadmin/dev. I hope you find the information shown here useful to you. Please use the comments on this blog to give feedback about the content!. I'm @mattiasgeniar on Twitter.

Tagged with: , , , ,
Posted in php
0 comments on “PHP: php_value vs php_admin_value and the use of php_flag explained
3 Pings/Trackbacks for "PHP: php_value vs php_admin_value and the use of php_flag explained"
  1. [...] only works when the PHP flag expose_php is set to 'On' in the php.ini configuration. This is the case by default when you take [...]

  2. - We are php says:

    [...] this quick post to his blog Mattias Geniar looks at three different Apache flags you can use in your [...]

  3. [...] (typeof(addthis_share) == "undefined"){ addthis_share = [];} In this quick post to his blog Mattias Geniar looks at three different Apache flags you can use in your [...]

Leave a Reply

Your email address will not be published. Required fields are marked *



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>