Does PHP automatically scan the INI files(i.e. .user.ini-style INI files(.htaccess files in case of PHP running as Apache module)) in each directory?

Question

I'm using PHP 7.2.10 on my laptop that runs on Windows 10 Home Single Language 64-bit operating system .

I've installed the latest version of XAMPP installer on my laptop which has installed the Apache/2.4.34 (Win32)

I come across following text from the PHP Manual :

.user.ini files

Since PHP 5.3.0, PHP includes support for configuration INI files on a per-directory basis. These files are processed only by the CGI/FastCGI SAPI. This functionality obsoletes the PECL htscanner extension. If you are running PHP as Apache module, use .htaccess files for the same effect.

In addition to the main php.ini file, PHP scans for INI files in each directory, starting with the directory of the requested PHP file, and working its way up to the current document root (as set in $_SERVER['DOCUMENT_ROOT'] ). In case the PHP file is outside the document root, only its directory is scanned.

Only INI settings with the modes PHP_INI_PERDIR and PHP_INI_USER will be recognized in .user.ini-style INI files.

Two new INI directives, user_ini.filename and user_ini.cache_ttl control the use of user INI files.

user_ini.filename sets the name of the file PHP looks for in each directory; if set to an empty string, PHP doesn't scan at all. The default is .user.ini .

user_ini.cache_ttl controls how often user INI files are re-read. The default is 300 seconds (5 minutes).

Following are the doubts that have created in my mind after reading the above text :

1. Does PHP automatically scan the INI files (ie .user.ini-style INI files ( .htaccess files in case of PHP running as Apache module)) in each directory? I mean isn't there a need to specify the directories of the project that contains INI files (ie .user.ini-style INI files ( .htaccess files in case of PHP running as Apache module))?
2. Is it mandatory for each directory of the project to have INI files (ie .user.ini-style INI files ( .htaccess files in case of PHP running as Apache module))?
3. Do the INI files (ie .user.ini-style INI files ( .htaccess files in case of PHP running as Apache module)) present in different directories of the project can have same directives with different values or missing some directives or having some additional directives?
4. How it is possible to set the PHP directives in a .htaccess file which is related to the Apache web server?
5. What does actually mean by the clause 'PHP scans for INI files in each directory' ? Does it mean PHP parser reads INI files in each directory ?

Please do provide answers to all of my above questions in step-by-step manner.

Thank you.

Answer 1

1. Yes but only scripts running in that directory will be affected.
2. No it is not, user ini files are to overwrite server defaults.
3. Yes they can but the lowest in the tree will overwrite the parent.

4:

#format
php_value setting_name setting_value

#example
php_value  upload_max_filesize  10M

5. I dont know

All Information can be found in the Manual: http://php.net/manual/en/configuration.php
Note that you cannot set all configurations in user.ini and .htaccess files.
See here for more info: http://php.net/manual/en/configuration.changes.modes.php .

Also note that user.ini files can be disabled in the Server configuration.

Answer 2

1 - Yes, if there is a User PHP INI and / or an .htaccess file in a directory, this will be read and will override the system php.ini

2 - No it is not required to have a PHP INI or htaccess file in every directory and most hosting provides do not allow custom PHP INI files to be used and will disable "php_value" usage from htaccess files.

3 - The PHP INI file is scanned from the root directory up to the current directory. So for example, if you default Max Upload Size is 50MB but your root directory PHP INI is set to 100MB then the 100MB takes effect. But if you are in the "Admin" directory and that has a php ini file with the Max Upload size set to 20MB, then you would be limited to 20MB files when uploading from the /admin path and all child paths (Unless they have their own PHP INI file).

4 - In the .htaccess file you can use "php_value" if your web host allows it. For example

php_value upload_max_filesize 100M

See here for a more details explanation: Overriding php.ini on server

5 - As I said in point 3. The PHP INI file is scanned from the root directory up to the current directory. So for Example, if the path is /admin/advanced it would first look at the system PHP INI, then check the Root Directory (/) and override and values then go to the admin directory and override and values and finally advanced directory.

It's worth noting that if you plan to use Shared Hosting then you most likely will not be able to use your own PHP INI files and won't be able to use php_value in your HTACCESS as most providers tend to disable these functions.

For further details please see the PHP Manual:

• http://php.net/manual/en/configuration.php
• http://php.net/manual/en/configuration.changes.modes.php .

And for Apache Override:

• http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride