php installation

[munim]

i have downloaded php v4 and MySQL v4 and i have IIS v5 running on windows xp pro.
what changes should i make to the php.ini file (i also need MySQL support)?
thanks

[Webforumz Staff]

Read the PHP documentation as I remember there may be one change you have to make in the php.ini file for some versions of PHP which can affect whether PHP will run or not.

If you are using this server for development then none of the other settings are strictly necessary. However, many people recognise a main security risk - declaring globals. By default when you install PHP you may use a variable in a script which has the same name as a POST or GET variable that has been sent to that script, without declaring as such in PHP. So basically if someone figures out what another variable name is in your code that controls something important, they could send it via GET or POST and change the outcome of your code - Thus, they find a potential security hole.

You can disable that (and I would certainly suggest it if you are using this installation as a server) but setting register_globals = Off in the php.ini file. This requires you to declare all your variables that are external, explicitly, like so:
$get_name = $HTTP_GET_VARS['get_name'];
$form_name = $HTTP_POST_VARS['form_name'];

That, I would say, is the most important change to make to your php.ini file. There are others... you can read through the php.ini file as it is heavily documented and therefore you can make changes based on that.

It should be mentioned, that if a script is not written to register globals, then it will not work if you turn register_globals on. It would be hoped that the script has declared it's variables anyway in this case - but that isn't always true, so be careful.

As for MySQL - You don't need to make any changes to anything in PHP. You simply use the windows installer and install MySQL. This installs the MySQL Service, which any programming language on your computer (and others on your network) can use. PHP, ASP, even C++ programs, etc can access a MySQL service. There is no configuration required from any of them to do this.

[munim]

nopes.. i tried that...
infact this is the error message i get..

Security Alert! The PHP CGI cannot be accessed directly.
This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.

For more information as to why this behaviour exists, see the manual page for CGI security.

For more information about changing this behaviour or re-enabling this webserver, consult the installation file that came with this distribution, or visit the manual page.



and i made this change in my file


; cgi.force_redirect is necessary to provide security running PHP as a CGI under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
cgi.force_redirect = 0;

; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
; will look for to know it is OK to continue execution. Setting this variable MAY
; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
cgi.redirect_status_env = 1;

; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
; security tokens of the calling client. This allows IIS to define the
; security context that the request runs under. mod_fastcgi under Apache
; does not currently support this feature (03/17/2002)
; Set to 1 if running under IIS. Default is zero.
fastcgi.impersonate = 1;


but it still doesn't work??:

where is the windows installer for MySQL? dont tell me to download it again pleeaasse.. i have a 56k dial up and spent half my life downloading MySQL..

[Webforumz Staff]

Hmm, I'm not sure about your IIS error. If I install PHP on windows, I do it via Apache, because it rocks...

And errm... yes you'll need to download it again...

http://www.mysql.com/get/Downloads/M...m/pick#mirrors