php.iniの話

php.iniͷ࿩

View Slide

builderscon tokyo 2016
2016/12/3

View Slide

ࣗݾ঺հ
uzulla

View Slide

ͦΜͳ͜ͱΑΓ

View Slide

PHP7.1.0
release!

View Slide

!!!!!!
» Nullable types
» Void return type
» Iterable pseudo-type
» Class constant visiblity modifiers
» Square bracket syntax for list() and the ability to specify keys
in list()
» Catching multiple exceptions types

View Slide

View Slide

࿩͠Λ໭͠·͢

View Slide

͑ͬɺphp.iniͷ࿩ΛҰ࣌ؒʁ

View Slide

View Slide

ʮօ͞ΜPHPΛ஌͍ͬͯ·͢ʯ

View Slide

» ΋͸΍஌Βͳ͍ͱ͸ݴΘ͞ͳ͍
» ͳͷͰɺPHP͕Ͳ͏͍͏΋ͷͳͷ͔ͱ͍͏ͷ͸লུ

View Slide

php.iniΛ͍ͬͯ͠·͔͢ʁ
» php࣮ߦ࣌ͷ༷ʑͳεΠον
» ಺෦ͷจࣈίʔυͱ͔…
» ೔෇ܭࢉ࣌ͷλΠϜκʔϯͱ͔…

View Slide

จࣈίʔυؔ࿈Ͱͷྫ
php > echo strlen("͍͋͏͓͑");
15
» strlen͸ϚϧνόΠτඇରԠؔ਺
» UTF-8Ͱ͸̍จࣈ͕3όΠτͳͷͰɺ5จࣈ͕15όΠτͱͯ͠ܭࢉ͞Ε
͍ͯΔ

View Slide

໪࿦PHP͸ϚϧνόΠτͷจࣈྻ΋ಡΈॻ͖Ͱ͖·͢ɻ
php > echo mb_strlen("͍͋͏͓͑");
5
» ϚϧνόΠτରԠؔ਺(mbؔ਺)Λ࢖͏ࣄͰਖ਼͘͠ॲཧ͕Ͱ͖Δ
» ͨͩ͠ɺੈͷத͸UTF-8͚ͩͰ͸ͳ͍
» UTF-16LE, SJIS, EUC-JP ...

View Slide

mbؔ਺͸ɺѻ͏จࣈίʔυΛઃఆ͔Β൑அ͍ͯ͠Δ
php > var_dump( ini_get("mbstring.internal_encoding"));
string(5) "UTF-8"
» ͔ͩΒɺ͖͞΄Ͳmb_strlen͕ਖ਼͘͠਺͑ΒΕͨ
» mbstring.internal_encodingͱ͍͏Ωʔʹɺ
"UTF-8"ͱ͍͏஋͕͸͍͍ͬͯ·͢ɻ
͜Ε͕php.iniͷઃఆͰ͢ɻ
» ͜͏͍͏ઃఆ͕ɺʢ؀ڥʹΑΔ͕ʣΏ͏ʹ200ݸҎ্͋Δ

View Slide

ઃఆΛɺUTF-8͔Βม͑ͯΈΔ
5
php > ini_set("mbstring.internal_encoding", "SJIS-win");
8
» ͱ͍͏͜ͱͰɺ಺෦ॲཧΛSJIS-win(cp932)ʹ͢Δͱ…
» ͦͷ৔͔ΒΤϥʔ΋ͳ͘ɺจࣈ਺͕ਖ਼͘͠Χ΢ϯτͰ͖ͳ͘ͳΔɻ

View Slide

ʮͳΜͰݴޠʹ͜ΜͳεΠον͕͋Δͷʁίʔυʹ͔͚͹͍͍ͷͰ͸ʁʯ
» ʢͦΕ΋ʢ͋Δఔ౓ʣͰ͖·͕͢ʣ
» ࠩҟΛphp.iniʹूΊɺίʔυ͸मਖ਼ແ͘ಈ͔͍ͨ͠ͱ͍͏ر๬ͱɺ
» ʢ࣮ࡍɺ͜Ε͸͔ͳΓ੒ޭ͍ͯ͠Δʣ
» աڈͷޓ׵ੑΛอͭͨΊͷ౒ྗͳͷͰ͢ɻ
» ʢͨͱ͑͹ੲ͸UTF-8ͳΜͯ࢖ΘΕͯͳ͔ͬͨ͠ʣ

View Slide

·ͱΊ
» PHP͸ઃఆϑΝΠϧ͕͋Δ
» தʹ͸େྔͷઃఆεΠον͕͸͍͍ͬͯΔ
» ͦΕ͸ɺΩʔͱ஋ͷू߹Ͱ͋Δ

View Slide

php.iniͷྺ࢙

View Slide

php.iniͷྺ࢙
» php.ini͸php3͔Βొ৔
» 1998೥ͷࣄ
» ݱࡏͷ࠷৽͸php7.1.0
» ࠓ͸2016೥
» 18೥ͷ݄೔͕ྲྀΕ͍ͯ·͢ɻ

View Slide

PHP3.0ͷphp.ini-distʢൈਮʣ
[PHP_3]
engine = On ; enable PHP 3.0 parser
short_open_tag = On ; allow the tag. otheʙ
precision = 14 ; number of signiﬁcant dʙ
y2k_compliance = Off ; whether to be year 2000ʙ
safe_mode = Off
safe_mode_exec_dir =
max_execution_time = 30 ; Maximum execution tiʙ
memory_limit = 8388608 ; Maximum amount of meʙ
error_reporting = 7

View Slide

PHP7ͷiniʢൈਮ
[PHP]
engine = On
short_open_tag = Off
precision = 14
serialize_precision = 17
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

View Slide

มΘͬͯͳ͍Ͱ͢Ͷ
» օ͞Μ͕਌͠Έ͋Δ߲໨͹͔Γ
» safe_mode΍y2k_complianceʢջ͔͍͠ʣͱ͔͸ফ͑ͨ
» memory_limitͷσϑΥϧτͱ͔͸ແ࿦(?)૿͑ͨ
» error_reporting͸ఆ਺Խ
» php3 213ߦ => php7 1933ߦ
» ʢίϝϯτ͕ಛʹ૿͑ͨʣ

View Slide

» ʮphp.iniͷ஌ࣝ͸20೥࢖͑Δ!ʯʢ͔ͩΒʁ
» ͨͿΜ php8,9,10΋ʂʢ͋Δͷ͔ʁ
» ͍҃͸PHP2020ͱ͔Ͱ΋͔ͭ͑ΔͩΖ͏
» ʮ(͓ͦΒ͘)20೥Ҏ্࢖͑Δphp.iniΛ֮͑Δͷ͸όϦϡʔ!(?)ʯ
» ʮͳΜͱHHVMͰ΋͔ͭ͑Δٕज़✌ʯ
» (.hdfͱ͍͏ίϯϑΟά͸ແ͔ͬͨࣄʹ͞Εͭͭ͋Δ)

View Slide

ͱ͍͏͜ͱͰ
» օ͞Μͷҙཉ͸༙͍͖ͯ·ͨ͠ʁ!
» ʢҙཉ͕༙͍ͨΒਅ໘໨ʹ࿩͠ɺҙཉ͕ͳͦ͞͏ͳΒ…"ʣ

View Slide

جૅ஌ࣝ

View Slide

جૅ஌ࣝ
» php͸ΠϯλϓϦλݴޠͰ͢
» ΢ΣϒΞϓϦέʔγϣϯ։ൃʹ࢖ΘΕΔલఏͰ͢
» ࠓ೔͸phpΛ
» ࣮ߦΤϯδϯ
» SAPI
» ͰɺΘ͚ͯߟ͑·͠ΐ͏

View Slide

PHPͷ࣮ߦ؀ڥͬͯ৭ʑ͋Δ
» Apache+mod_php
» Apache+CGI
» nginx+FastCGI
» IIS+FastCGI
» builtin server
» (΋ͬͱ͋Δ)

View Slide

PHPͷੌ͍ॴ
» ͜ΕΒόϥόϥͷ࣮ߦ؀ڥͰ
» ʮಉҰίʔυͷWordPress͕ಈ͘ʯ
» ͱ͍͏Ϩϕϧͷޓ׵ੑ͕͋Δ
» ͭ·Γ…

View Slide

PHP͸ɺίʔυमਖ਼ແ͠ʹ
12ԯ
ͷαΠτͰಈ͘ʂ

View Slide

ʮ30ԯͷσόΠεͰಈ͘Javaʹ͸ෛ͚ͨʢʣʯ

View Slide

ʢࡶͳࣄΛ͍͍·ͨ͠ʣ
» ਺ࣈͷཧ۶ͷग़య
» Netcraftᐌ͘ɺωοτͷαΠτ਺͸໿15ԯɺ
» https://news.netcraft.com/archives/2016/11/22/
november-2016-web-server-survey.html
» w3techsᐌ͘ɺPHPγΣΞ͸82%
» https://w3techs.com/
» ʢ15ԯͷ80%͕12ԯʣ

View Slide

େ෼਺ࣈ͸੝Γ·͕ͨ͠
» ࣮ࡍɺPHPͷ99%ͷ࣮ߦ؀ڥͰ
» ͋ͷWordPress΍Β͕
» PHPͷίʔυमਖ਼ෆཁͰ͏͘͝ʂ
» ͜Εͦ͜PHP!!

View Slide

» ʮઈରͩͳʁྫ֎ͳ͠ʁʯʮ΢ο…શ෦ࢼͨ͠༁Ͱ͸ແ͍…ʯ
» ʮগͳ͘ͱ΋ɺCLI͸ผ…ʯʮӕ͖ͭͩʂʂʯ

View Slide

ʢҰ෦ͷΈͳ͞Μʣ
ʮ͑ͬɺͦΕͬͯੌ͍ͷʁʯ

View Slide

» ʮ͡Ό͋ɺPerlͰɺmod_perlͱCGIͱPlackͰ̍ίʔυͰಉ౳ʹಈ
࡞͢Δ΢ΣϒΞϓϦͷॻ͍ͯΑʂʂʂʂʯ
» ʮ͡Ό͋ɺRubyͰʢ͈́ʯ
» ʮ͡Ό͋ɺ͡Ό̱ʢ͈́ʯ
» ʮʢ͈́ʯ
» ʢεʔύʔΤϯδχΞͳΒॻ͚Δ͔΋͠Εͳ͍͚Ͳɺ
ɹ૬౰มͳίʔυʹͳΔʣ

View Slide

؀ڥͷࠩΛຒΊͯΔͷ͕SAPI
» SAPI͕ɺ؀ڥͱPHPΤϯδϯͷؒͰͱΓͳ͍ͯ͠Δ
» SAPIͷ͓ӄͰɺphpʢͰॻ͔ΕͨϓϩάϥϜʣ͸
» echo͢Ε͹ϒϥ΢βʹग़Δ
» Τϥʔ͕ΤϥʔϩάʹͰΔ
» $_POST΍$_FILEͰύϥϝλ͕ͱΕΔ
» ແ৺Ͱηογϣϯ͕࢖͑Δʢ$_COOKIE౳ɺhttpϔομʣ
» …ͱ͍ͬͨ͜ͱ͕ීวతʹѻ͑Δ

View Slide

SAPIͱ͸ʁ
» Server API ͷུ
» mod_phpɺCGIɺFastCGIɺCLIɺ౳ʑ
» ૊Έ߹ΘͤΔhttpd΍؀ڥʹ߹ΘͤͯબͿ
» apacheͳΒmod_php,CGI,FastCGI
» nginxͳΒFastCGI
» IISͳΒCGI,FastCGI

View Slide

ͦΕͧΕͰ݁ߏҧ͏
» ಉ͡ʮPHPʯ͚ͩͲɺSAPIຖʹҧ͏όΠφϦͩͬͨΓ͢Δ
» mod_php͸libphp7.soɺCGI͸php-cgiɺCLI͸php
» ʢFastCGIͱCGIΈ͍ͨͳྫ֎΋͋Δ͚Ͳʣ

View Slide

» httpdͱಉҰϓϩηεͰ͏͘͝ ʢmod_phpʣ
» ඪ४ೖग़ྗͰ΍ΓͱΓ͢Δ ʢCGI,CLIʣ
» FastCGIϓϩτίϧͰ΍ΓऔΓ͢Δ ʢFastCGIʣ
» httpͰ΍ΓऔΓ͢Δ …ͷ͸ͳΜͱແ͍
» ʢBuiltin server͸։ൃ༻Ͱ͢ʣ

View Slide

» (ྫ֎΋͋Γ·͢)
» (ʮPHPࣗମʯ͕httpdʹͳΔ΍ͭͱ͔
» (reactPHP
» (Swoole
» (AppServer.IO
» (౳
» (Ͱ΋ɺݟͨࣄͳ͍Ͱ͠ΐʁ)

View Slide

Ͱɺຊ୊ͷphp.iniͱSAPIɺͲ͏ؔ܎͕ʁ
» ৭ʑΛSAPI͕ٵऩͯ͠ɺphpίʔυʹ͸ޓ׵ੑ͕͋Δ
» ͔͠͠ɺphp.ini͸ͦ͏΋͍͔ͳ͍ͷͰ͋ͬͨ
» αʔόʔߏ੒͕શવҧ͏
» ౰વɺઃఆͷ࢓ํ΋݁ߏҧ͏
» ໪࿦ɺઃఆͰ͖Δ߲໨͕ଟগҧ͏
» ͭ·Γɺphp.iniΛ஌Δʹ͸SAPIΛҙࣝ͢Δඞཁ͕͋Δ

View Slide

۩ମతʹ͸ʁ
» ޙड़͠·͢
» php.iniͷ৔ॴ͕ҧ͏
» օେ޷͖.htaccess͕ͳ͔ͬͨΓ
» σϑΥϧτ஋͕มΘΔ
» ౳

View Slide

్த·ͱΊ
» ༷ʑͳ࣮ߦ؀ڥ͕͋Δ͕ɺphp͸Ͳ͜Ͱ΋ಉ༷ʹಈͧ͘ʂ!
» ࠩҟ͸SAPI౳͕ٵऩ͍ͯ͠Δ"
» ͔͠͠ɺphp.iniʢ΍ͦͷपลʣ͸ͦͷݶΓͰ͸ͳ͍#
» ʢͱ͸͍͑ɺϝδϟʔͳ؀ڥͷ৘ใ͸άάΕ͹͙͢Ͱ͖ͯ·͢ɻ
ɹେਓؾPHPͩ΋Μʣ
» ʢ"PHP ʹΑΔ hello world ೖ໳"ͱ͍͏هࣄ͕ͱͯ΋ྑ͍Ͱ͢
ɹhttp://tech.respect-pal.jp/php-helloworld/ʣ

View Slide

php.iniΛݟΔ

View Slide

[PHP]
;;;;;;;;;;;;;;;;;;;
; About php.ini ;
;;;;;;;;;;;;;;;;;;;
; PHP's initialization ﬁle, generally called php.ini, is responsible for
; conﬁguring many of the aspects of PHP's behavior.
ུ
engine = On
expose_php = On
max_execution_time = 30
max_input_time = 60

View Slide

Ͳ͜ʹ͋Δͷ͔!
» /etc ҎԼΛ୳͢
» CLIͰ php --ini
» phpinfo() ͷʮLoaded Configuration Fileʯͱ
ʮAdditional .ini files parsedʯ
» php_ini_loaded_ﬁle() ͱ
php_ini_scanned_ﬁles();ͷฦ஋

View Slide

஫ҙ
» ✅ʮௐ΂͍ͨ؀ڥͷɺௐ΂͍ͨϑΝΠϧͰ͠Β΂Ζʂʯ
» ⚠ʮCLIͷphpͱɺوํ͕ௐ΂͍ͨ؀ڥ͸ຊ౰ʹಉ͡php͔ʁʯ
» ·Δ͖ͬΓผͷϑΝΠϧͳΜͯࣄ͕βϥʹ͋Δ#
» SAPIͰphp.iniͷ৔ॴ͕ࢦఆͰ͖Δ
» ଞʹ΋͋Δ͚Ͳޙड़
» ⚠ඇtext/htmlͳAPI౳͸phpinfo()͸໘౗ͩͧʢޙड़ʣ

View Slide

ඞવతʹ
» php_ini_loaded_ﬁle() ͱ php_ini_scanned_ﬁles();ͷฦ஋͕ɺ
҆શͩͱ͓΋ΘΕ·͢ʢݸਓతҙݟͰ͢ʣ
» ͜ΕΛฦ஋Ͱऔಘ͠ɺͲ͔͜ͷϑΝΠϧʹͰ΋ॻ͖ग़͍ͯͩ͘͠͞
» ʢ!ʮ໘౗ɺ஫ҙ͢Ε͹php --ini΍phpinfoͰ͍͍ͷͰ͸ʁʯ
ɹ"ʮ͸͍ɺ΅͘΋Αͦ͘ΕͰௐ΂·͢ʯʣ

View Slide

ௐ΂͍ͨॴʹίʔυૠೖ
$info = php_ini_loaded_ﬁle().",\n";
$info .= php_ini_scanned_ﬁles();
error_log($info); // ϑΝΠϧʹग़ྗ
ҎԼ݁Ռ
/Users/uzulla/.phpenv/versions/7.0.1/etc/php.ini,
/Users/uzulla/.phpenv/versions/7.0.1/etc/conf.d/xdebug.ini,
/Users/uzulla/.phpenv/versions/7.0.1/etc/conf.d/my_special.ini

View Slide

tips: σόοάϩάΛͲ͔͜ʹग़͢ͳΒ…
» ﬁle_put_contents('/tmp/info.txt', $info);
» ఆ൪ɺָͰ͸͋Δ
» ೋճ૸ͬͨΒ্ॻ͖͞ΕͪΌ͏…ʢAppend͢Δʁʣ
» /tmp ʹݟ͔ͭΒͳ͍ࣄ΋
» ࠷ۙ͸ private tmp ͱ͍͏΋ͷ͕͋ͬͯͳ…

View Slide

» phpʹ͸error_log()ͱ͍͏ศརؔ਺͕͋Δ
» error_log($info);
» نఆͷΤϥʔϩάʹͰ·͢
» ʢͨͱ͑͹ɺapacheͷerror_logʹग़Δʣ
» error_log($info, $ﬁlename); ͱϑΝΠϧ໊ࢦఆ΋Ͱ͖·͢
» ʮ௕͍ͱ੾ΓࣺͯΒΕΔͷͰɺͦͷ৔߹͸php.iniͰ
log_errors_max_lenΛ;΍͠·͠ΐ͏ʯʮ͏ʔΜʯ

View Slide

ॴͰ…
» php.iniͬͯҰ͔ͭ͠ͳ͍ΠϝʔδͳΜ͚ͩͲɺͳΜͰෳ਺͋Δͷʁ
/Users/uzulla/.phpenv/versions/7.0.1/etc/php.ini,
/Users/uzulla/.phpenv/versions/7.0.1/etc/conf.d/xdebug.ini,
/Users/uzulla/.phpenv/versions/7.0.1/etc/conf.d/my_special.ini

View Slide

» Config file scan directoryͱΑ͹Εɺ࠷ۙΑ͔ͭ͘ΘΕ͍ͯ·͢
» php --ini ౳Ͱ͠Β΂ΒΕ·͢(Scan for additional .ini files)
» ༗ΔσΟϨΫτϦҎԼͷ *.ini ͕શ෦ಡ·Ε·͢ɺ/etc/php.ini ͱ
ಉ౳
» ʮΠϯϑϥετϥΫνϟʔΞζίʔυʹͽͬͨΓ!ʯ
» ʢphp.iniͷઃఆΛॻ͖׵͑Δͷʹɺsedͱ͔΋͏ͨ͘͠ͳ͍͔Β
Ͷ…ʣ
» ͳ͓ɺಉҰͷઃఆهड़͕͋ͬͨ৔߹ɺ্ॻ͖͞Ε·͢

View Slide

·ͱΊ
» php.iniͷ৔ॴ͕օ͞ΜΘ͔Γ·ͨ͠Ͷ
» ܁Γฦ͠ʹͳΔͷͰ͕͢ɺ͔ͳΒͣ
✅ʮௐ΂͍ͨϑΝΠϧͷɺௐ΂͍ͨߦͰௐ΂Δʯ
ࣄΛ๨Εͳ͍Ͱ͍ͩ͘͞Ͷɻ

View Slide

php.iniΛॻ͘

View Slide

» php.ini͸ςΩετͷઃఆϑΝΠϧͰ͢
» ݟͨΒղΔఔ౓ͷγϯϓϧͳ΋ͷͰ͢
» Ͳ͏͍͏߲໨͕͋Δ͔͸ɺphp.netΛΈΑ͏ʢࡶʣ

View Slide

ϑΥʔϚοτʹ͍ͭͯ
; comment here
[hoge]
key = value
key2 = "this is value2"
key3 = On
key4 = This is value4 ; ΫΦʔτ͸࣮͸ෆཁ

View Slide

» γϯϓϧͳɺΩʔͱ஋ϖΞ
» ;ͷޙ͸ίϝϯτͰ͢
» [ʙ]͜Ε͸ແࢹ͞Ε·͢ɺԿΛॻ͍ͯ΋ҙຯͳ͍Ͱ͢ɻ
» ͦ͏ʮ⚠sectionʹҙຯ͸ແ͍ʯΜͰ͢ʢҎ֎ͱ஌ΒΕͯͳ͍ʣ
» ໨ҹͰ͔͠ͳ͍
» (hoge[] = fugeͱ͍͏ॻ͕ࣜ͋Δ͕ɺݟ͔͚ͳ͍)

View Slide

ܕ͸(࣮࣭)ೋछྨ͚ͩ
» String
» Boolean
» On/Off, true/false, yes/no,none
» ⚠boolean͸ஸೡʹ͔͍͋ͭ·͠ΐ͏

View Slide

» (integer)
» ʢͬͯ͋Δ͚Ͳɺ࣮࣭StringͰ͸…ʣ

View Slide

ಉ͡Ωʔ͕͋Ε͹ɺ্ॻ͖Ͱ͢
mbstring.strict_detection = On
mbstring.strict_detection = Off
// OffʹͳΓ·͢
» ॏෳ͸ΤϥʔʹͳΓ·ͤΜ

View Slide

» ͨͩ͠ɺॱং͕ҙຯΛ࣋ͭ৔߹΋͋Γ·͢
» ྫɿmbstring.languageͱmbstring.internal_encoding
» ྫɿdefault_charsetͱinternal_encoding
» ʢলུ͞Εͨͱ͖ɺ͋Δ஋Λ҉໧ͰσϑΥϧτͱͯ͠࢖͏ɺ౳ʣ

View Slide

ಥવphp.iniΫΠζʂ

View Slide

ҎԼͷߦɺͲΕ͕ʮΤϥʔʯʂʁ
k1 = 1
k2 = True
k3 = On
k4 = "On"
k5 = text contain
new line.
k6 = text

View Slide

ਖ਼ղ͸ɺʮΤϥʔʯʹ͸ͳΓ·ͤΜʂʂ
» ʮΤϥʔͰ͓͜ΒΕͳ͍͚Ͳʯk5ͷ஋͸"text contain"ͱͳΔ
» A=B ܗࣜҎ֎͸ಡΈඈ͹͞ΕΔ
» ⚠ͭ·Γɺϛεͬͯ΋͖͔ͮͳ͍ͧʢ஫ҙʂʣ
» ⚠BooleanʹޡͬͨςΩετΛ͋ͯͯ΋ແࢹ͞Ε·͢
» Α͋͘Δྫ: hoge = enable ͱ͔…

View Slide

ୈೋ໰

View Slide

ҎԼͷߦɺͲΕ͕ʮΤϥʔʯʂʁ
೔ຊਓ = ೔ຊޠ
# hoge = 1
1
echo
!
⭕=❌
[]
]

View Slide

ਖ਼ղ͸ɺʮΤϥʔʹͳΓ·ͤΜʯʂʂʂʂ
» ⚠܁Γฦ͠ʹͳΓ·͕͢ɺϛεͬͯ΋ؾ͚ͮͳ͍ͧ

View Slide

ΤϥʔʹͳΔͷ͸ҎԼ͘Β͍Ͱ͢
» ߦͷઌ಄ʹ =
» ಉҰߦʹ ] Ͱด͡ΒΕ͍ͯͳ͍ [

View Slide

ͱ͜ΖͰɺಠࣗͷΩʔ͸ೖΕΒΕΔͷ͔ʁ
» ࣗ෼ͷΞϓϦͷม਺ͱ͔ɺτʔΫϯͱ͔
» ෆՄೳͰ͢ɺແࢹ͞Ε·͢ɻ
» ͦ͏͍͏ศར؀ڥม਺Ͱ͸ͳ͍

View Slide

؀ڥม਺ΛಡΈࠐΊΔΑ
» mysqli.default_user = ${MYSQL_DEFAULT_USER}
» ͔ͭͬͨ͜ͱ͸΄΅ແ͍ͳ…!
» ʢPHPੈքͰ͸ɺ͋·Γ؀ڥม਺͸͔ͭΘΕͳ͍(ओ؍ʣʣ

View Slide

ΤϥʔʹͳΒͳ͍ͷා͍ʁlint͍ͨ͠ʁ
» iniΛύʔε͢Δؔ਺͸͋Γ·͢
» parse_ini_ﬁle, parse_ini_string
» http://php.net/manual/ja/function.parse-ini-file.php
php > var_dump(parse_ini_ﬁle('dummy.ini'));
array(9) {
["k1"]=>
string(1) "1"
ུ

View Slide

» ͨͩ͠ɺʮphp.iniʯͱͯ͠ਖ਼͍͔͠Ͱ͸ͳ͍
» ⚠php.iniͱͯ͠ਖ਼͍͔͠lint͢Δπʔϧ͸ແ͍
» ʢͭΒ͍ʣ
» ํ๏͸ޙड़͠·͕͢ɺઃఆͨ͠Βඞͣ֬ೝ͠·͠ΐ͏

View Slide

൓ө͢Δʹ͸…
» php ࣮ߦ؀ڥΛ࠶ىಈ
» apache
» php-fpm
» ౳

View Slide

൓ө͞Εͳ͍Μ͚ͩͲʁ!
» ͪΌΜͱ࠶ىಈͨ͠ʁCLIͱmod_php͸ผͰ͢Α
» nginxΛ࠶ىಈͯ͠ͳ͍ʁ(fpmΛ࠶ىಈ͠·͠ΐ͏)
» php.iniͷ৔ॴɺؒҧ͑ͯͳ͍ʁ
» ಠཱͨ͠phpinfo()Ͱ͸൓ө͞Εͯͳ͍ʁ
» ൓ө͕ޙʑ্ॻ͖͞Ε͍ͯͳ͍ʁʢޙड़ʣ
» ҰԠϩά΋ݟΑ͏

View Slide

·ͱΊ
» php.ini͸ςΩετͷઃఆϑΝΠϧ
» จ๏ϛε΍هೖϛε͸εϧʔ͞ΕΔͧ
» ઃఆͨ͠Βɺ͙֬͢ೝ
» ൓өʹ͸࠶ىಈ

View Slide

php.iniΛௐ΂Δ

View Slide

» !ʮ͖ͬ͞࿩ͨ͠ͷͰ͸ʁʯ
» "ʮphp.iniϑΝΠϧ(ઃఆ)ͱɺphp.ini(ݱ࣮)͸ҧ͏ʯ

View Slide

Ͳ͜Ͱ΋ઃఆͰ͖ͯศརͳphpͷઃఆ৔ॴࣄྫ
» php.ini ΍ scan dirͷ.ini
» httpd.conf ΍ nginx.conf
» .htaccess ΍ .user.ini
» ϢʔβʔϓϩάϥϜ಺
» ʮ͋Δؔ਺(౳)Λ࣮ߦ͢Δͱɺ҉໧ʹมΘΔʯ
» ؀ڥม਺ɺWindowsͷϨδετϦ…etcetc

View Slide

» ͭ·Γɺphp.iniʢϑΝΠϧʣΛ͍͘Βݟͯ΋ແବͱ͍͏͜ͱͩʂ
ϫϋϋϋʂ!

View Slide

» ϫϋϋͰ͸ͳ͍!

View Slide

ͳ͓
» ʮͲ͜Ͱઃఆ͞ΕΔ͔ʯΛશ෦ௐ΂Δࣄ͸ࠔ೉
» ͦ΋ͦ΋ɺͲ͜Ͱઃఆ͞Εͨͷ͔͕໾ཱͭࣄ΋গͳ͍
» ⚠มΘ͍ͬͯΔͱ͍͏͜ͱ͸ɺͲ͔͜Ͱҙਤ͕͋ͬͯ΍͍ͬͯΔ
» ⚠্ҐͰ͔͑ͪΌ͏ͱϩΫͳ͜ͱʹͳΒͳ͍

View Slide

͓΋͍ͩ͠·͠ΐ͏
» ✅ʮௐ΂͍ͨ؀ڥͷɺௐ΂͍ͨϑΝΠϧͰ͠Β΂Ζʂʯ

View Slide

» ͱɺ͍͏͜ͱͰɺօ͞Μ͸php.iniʢཧ૝ʣΛݟ্ͨͰɺphp.iniʢݱ
࣮ʣ΋ݟΔඞཁ͕͋Δͷͩͬͨ…ɻ

View Slide

ௐ΂ΔͨΊͷؔ਺
» phpinfo > লུ
» ini_get > Α͔ͭ͘͏
» ini_get_all > ࢲ͸Α͔ͭ͘͏
» get_cfg_var > ໨త͕ҧ͏

View Slide

࢝·ΓͱऴΘΓͷ஍ɺphpinfo()
phpinfo();
» ͢΂͕ͯ͜͜ʹ͋Δ
» جຊதͷجຊ

View Slide

ม਺ʹΩϟϓνϟ͸Ͱ͖ͳ͍ͷͰ…
ob_start();
phpinfo();
$info = ob_get_clean();
ﬁle_put_contents('/tmp/phpinfo.html', $info);
» ͠ΜͲ͍ɺͷͰɺඍົɻ

View Slide

ini_get()
» ini_get ( string $varname )
» ݱࡏͷઃఆΛҰͭऔಘͰ͖Δ
» ⚠ࣦഊ࣌ʹ͸False͕ฦΔ
» ⚠ฦ஋͸ʮStringʯͰ͋Δ

View Slide

ʮࣦഊ࣌ʹfalseΛฦ͠·͢ʯ
» ϛΤϛΤͷ᠘
» ⚠PHPͷࣗಈม׵ͰɺfalseͱۭจࣈΛϛεΔ
» Α͋͘Δϛε͕ҎԼ
if( ini_get('display_error') ){
die('display_error͸ফ͠·͠ΐ͏');
}

View Slide

if( ini_get('display_errors') ){
die('display_errors͸ফ͠·͠ΐ͏');
}
» ʢ͜ͷίʔυ͕Ͳ͏ͳͷ͔ɺͱ͍͏ͷ͸ଞॴʹஔ͘ͱͯ͠ʣ
» ͨͩ͘͠͸display_errorsʢݸਓతʹΑ͋͘ΔTypoʣ
» ΩʔΛؒҧ͑Δͱɺ͔ͳΒͣfalseʹͳΔ
» ʮ·͋ɺ===΍Ε͹͍͍Ͱ͢ΑͶʂʯʢ܇࿅͞Εͨਓؒͷൃ૝ʣ

View Slide

ʮini_get͸StringͰฦ͖ͯ͠·͢ʯ
» ͦ͏Ͱ͔͢
» ΈͯΈ·͠ΐ͏

View Slide

// php.iniʢϑΝΠϧʣͰ͸ Off ͩͱ…
short_open_tag = Off
// ͜ͷΑ͏ʹۭจࣈ͕ฦͬͯ͘Δ
php > var_dump(ini_get('short_open_tag'));
string(0) ""
» php.ini هड़ͷ··Ͱ͸ͳ͍ʢྫ֎΋͋Δʣ
» มΘΔͷ͸ྑ͍͕ɺॳݟࡴ͠Ͱ͢
» ͳͥ On/Offɺtrue/falseɺ1/0 ౳Ͱͳ͍ͷ͔…
» ʮࣗಈม׵ͷPHPͰ͢ɺ׳Ε·͠ΐ͏!ʯ

View Slide

php > var_dump( ini_get('upload_max_filesize'));
string(4) "2M"
» upload_max_filesize ͸هड़͕ͦͷ··Ͱ͖ͯ·͢
» upload_max_filesize ͷࢦఆʹ͸ɺK,M,GͳͲͷ୹ॖه๏͕࢖͑ͯਓ
͕ಡΈ΍͘͢Ͱ͖Δɻ
» http://php.net/manual/ja/
faq.using.php#faq.using.shorthandbytes
» ͔͜͠͠ΕʹΑͬͯҾ͖ى͜͞ΕΔ൵ܶʂ()

View Slide

php > echo ini_get('upload_max_ﬁlesize');
2M // 2Mbyte = 2*1024*1024
if( 1*1024*1024 > ini_get('upload_max_ﬁlesize') )
{ die("plz more!!!"); } //-> plz more!! // ͋ΕΕΕʁ
php > echo (int)"2M"; // "2M"Λ਺஋΁Ωϟετ
2
» ⚠օ͞Μ͝ଘ͡ɺ"2M" ͕ධՁͰ 2 ʹͳΔ҆ఆͷࣗಈม׵
» ͪͳΈʹɺ୹ॖه๏ΛόΠτʹม׵͢Δؔ਺͸ͳ͍ɻͳΜͰ΍…
» ֤ࣗॻ͔͘ɺൿ఻ͷͨΕΛάάΓ·͠ΐ͏(෗ͬͯͳ͍͔֬ೝ΋)

View Slide

࿩Λ໭ͯ͠
» ini_get()ͷ࿩Ͱͨ͠Ͷ

View Slide

ini_get_all()
» ini_get_all([str $extension [,bool $details]])
» ݱࡏͷઃఆΛɺશ෦ΛऔಘͰ͖Δ
» Ҿ਺͸(null, false)͕͓͢͢Ί
» ฦ஋͸Ωʔͱ஋ͷ഑ྻ

View Slide

php > var_dump(ini_get_all());
array(233) {
["allow_url_fopen"]=> // Ωʔ໊
array(3) {
["global_value"]=> // άϩʔόϧͷ஋ʢʁʣ
string(1) "1"
["local_value"]=> // ݱࡏͷ஋
string(1) "1"
["access"]=> // ΞΫηεϨϕϧ
int(4)
}

View Slide

null, false ࢦఆྫ
php > var_dump( ini_get_all(null,false));
array(233) {
["allow_url_fopen"]=>
string(1) "1"
["allow_url_include"]=>
string(0) ""

View Slide

໪࿦͜͏͢Ε͹୯ମͷ஋΋ͱΕ·͢
var_dump( ini_get_all(null, false)['display_errors'] );
string(0) ""
» ⚠ͱ͜Ζ͕ɺini_getͱ͸ڍಈ͕ҟͳΔ

View Slide

php > var_dump(ini_get('upload_tmp_dir'));
string(0) ""
php > var_dump(ini_get_all(null, false)['upload_tmp_dir']);
NULL // ಥવͷNULLʂʂ
» ʮ໊લ͕ࣅͯΔ͚ͩͰɺೋͭؔ਺ͷฦ஋͕ಉ͡ͱ୭͕ݴͬͨʁʯ
» ຊདྷ upload_tmp_dir ͸ɺ(php.netᐌ͘)σϑΥϧτ͕NULL
» ini_getͷ΄͏͕ਖ਼͘͠(?)ͳ͍
» ܕΛҙࣝͨ͘͠ͳΓ·͢Ͷʂ

View Slide

ͭ·Γɺ஋͸औΕΔ͕ཁ஫ҙ
» ࠓճ͸var_dumpΛ͔ͭͬͯ·͕͢ɺฦ஋͕ͳ͍ͷͰॻ͖ग़ͮ͠Β͍!
» phpinfoͱಉ༷ɺob͔ͭ͑͹औΕΔ
» print_rͰ͸ฦ஋ʹग़དྷΔͷʹ…

View Slide

ΈΜͳେ޷͖print_r͸…
php > echo print_r("",1); // ͳʹ΋Ͱͳ͍
php > echo print_r(null,1); // ͳʹ΋Ͱͳ͍
php > echo print_r(true,1); // true͸1ʹͳΔ…
1
» ͜ͷΑ͏ʹprint_r͸ܕΛͩ͞ͳ͍
» ͠ܕͳ͍ͷͰɺผͷಓ۩͕ඞཁ

View Slide

༨ஊɿ͜ͱ͋Δຖʹ͜ͷෆຬΛݴ͏ࢲ
» var_dump͸ɺԿނม਺ʹΩϟϓνϟͰ͖ͳ͍ͷͩΖ͏…
» ΈΜͳࢥ͏Ͱ͠ΐ…ࢥΘͳ͍ʁ
» ๭ࣝऀʮob͔͓ͭ͏ΑʯࢲʮͳΜͰ΍ʂob͞ΘΓͨ͘ͳ͍͠ɺΊΜ
Ͳ͍΍Ζʂʯ
» ผͷࣝऀʮਂԕͳΔཧ༝͕͋ΔͷͩΖ͏ʢ࡞ͬͯΔਓʹฉ͚ʣʯࢲ
ʮ͔ͨ͠ʹ…ʯ

View Slide

meanwhile in php conference 2015...
» PHP࡞ऀͷϥεϜε͕͖͍ͯͨ
» ʮࣃϒϥγʯͰ༗໊ͳਓ
» ϔλͳӳޠͰ͜ͷ݅Λ௚ૌ࣭໰
» ࡞ऀʮͦΕ͸ͦ͏͍͏΋ͷͩɺobΛ͔ͭ͑!ʯࢲʮ͸͍…"ʯ
» PHPʹٹ͍͸ͳ͔ͬͨ
» ࢲʹ৯͍Լ͕Δӳޠྗ΋ͳ͔ͬͨ(fin…)

View Slide

༨ஊऴΘΓ
» var_dumpͷر๬͸௵͑·ͨ͠ͷͰɺଞͷख๏ͷ঺հ

View Slide

serialize()
php > echo serialize(0); // i:0;
php > echo serialize("false"); // s:5:"false";
php > echo serialize(false); // b:0;
php > echo serialize(null); // N;
» Ұจࣈ໨Ͱܕ͕Θ͔ͬͯศརʂ!
» i:int, s:string, b:bool, N:null
» օɺPHPͷγϦΞϥΠζܗࣜΛಡΉΑ͏ʹͳΓ·͢ʢΑͶʁʣ

View Slide

json_encode
php > echo json_encode(""); // ""
php > echo json_encode(null); // null
php > echo json_encode(true); // true
php > echo json_encode("true"); // "true"
php > echo json_encode(1); // 1
php > echo json_encode("1"); // "1"
» ܕ΋ɺͪΌΜͱΈΕ͹Θ͔Δ!

View Slide

ݸʑͰͳ͘ɺશ෦ͷઃఆΛݟ͍ͨ࣌͸
php > echo json_encode(ini_get_all(null,false), JSON_PRETTY_PRINT);
{
"allow_url_fopen": "1",
"allow_url_include": "",
"arg_separator.input": "&",
» ݁ՌΛjson_encodeͰɺJSON_PRETTY_PRINT
» ൺֱʹ΋ศརͰ͢ʢॏཁʣ!

View Slide

jsonͱdiffͰࡶʹൺֱ͢Δྫ!
$ diff 56.json 7.json
26c25
< "date.timezone": "Asia\/Tokyo",
---
> "date.timezone": "",
42c41
< "error_reporting": "-1",
---
> "error_reporting": "22527",
» ֤ࣗπʔϧΛద౰ʹ

View Slide

tips͓ΘΓ
» ✅ී௨͸ json_encode() ͕Ұ൪Ͱ͸ʁ
» ػցతॲཧʹ΋޲͍͍ͯΔ
» ଞʹvar_export()ͳͲ΋͔ͭ͑·͢ɺ΄΅jsonʹ͍ۙ͠ݟ΍͢͞
» serialize() ΛਓྗͰಡΉͷʹ͸ɺ਺࣌ؒ͸ܦݧ͕͍Δ

View Slide

get_cfg_var
» ॳظͷphp.iniͷઃఆΛऔಘͰ͖Δ
» ·͋ɺ࢖Θͳ͍
» ini_get_allͷ$detail=trueͰ·͔ͳ͑Δ

View Slide

தٳΈ
» ini_get/ini_get_allͰݱࡏͷઃఆΛ֬ೝ
» ✅ܕ΍ɺ୹ॖه๏ͷةݥੑΛ͖ͪΜͱҙࣝɺ೺Ѳ͠Α͏
» ⚠ಛʹini_getͷฦ஋͕Stringͳͷ͸஫ҙͤΑ
» #ini_get_allΛjson_encodeͳͲͰ੔ܗ͢ΔͱҰཡੑߴ͍͠ɺjson
͔ͩΒൺֱʹศར

View Slide

php.iniʹ ઃఆ͢Δ

View Slide

» ֬ೝͨ͠Β࣍͸ઃఆͰ͢ΑͶ
» ʮ΋͏΍ͬͨͷͰ͸ʁʯʮͦͷ݅Ͱ͸ͳ͍ʯ
» php.ini(ϦΞϧ)ͷઃఆ͸ʮ࣮ߦ࣌ʹมߋͰ͖Δʯ
ࢮ

View Slide

ઃఆʹ͔ͭ͏ؔ਺
» ini_set()
» ΄Μͱ͏ʹΑ͔ͭ͘͏
» ini_alter()ͱ͍͏Alias͕͋Δ͕ɺݟ͔͚ͨࣄ͸ͳ͍
» ini_restore()
» ࢖ͬͨ͜ͱͳ͍

View Slide

ini_set
» ini_set ( string $varname , string $newvalue )
» Ωʔͱ஋Ληοτ͠·͢
» ஋͸StringͰ͢ʢ஫ҙʣ
» ⚠ฦ஋͸ʮมߋલͷ஋ʯͰ͢ʢ஫ҙʣ
» ⚠ࣦഊ࣌͸FALSE͕ฦΓ·͢ʢ஫ҙʣ
» ⚠ઃఆͰ͖ͳ͍΋ͷ΋͋Γ·͢(ޙड़)

View Slide

஋͸StringͰ͢
» ѱ͍༧ײ͔͠͠ͳ͍!
» ࣮ࡍѱ͍ࣄʹɺ᠘͕͋Δ

View Slide

php > ini_set('mbstring.strict_detection', 'On');
php > var_dump(ini_get('mbstring.strict_detection'));
string(2) "On"
php > var_dump(mb_get_info()['strict_detection']);
string(3) "Off" <-- !!??
» mbstring.strict_detectionͰ֬ೝ
» boolܕͳͷͰɺphp.iniͰ͸"On"Λࢦఆ͢Δ
» ͔͠͠ini_set ͸ɺ"On"Λਖ਼͘͠ड͚෇͚·ͤΜʂ!

View Slide

৭ʑͳ஋Λini_setܦ༝Ͱboolʹ͍ΕΔͱ…
» OnʹͳΔ
» true, 1, -1
» OffʹͳΔ
» false, "true", "false", 0, "On", "Off"
͏ʔΜ͜ͷ!

View Slide

ࢿྉΛΈͯΈ·͠ΐ͏
» php.iniͰ͸ true/false,on/off, yes/no, none ͱࢦఆ͢Δ
http://php.net/manual/ja/configuration.file.php
; ࿦ཧ஋͸ɺ࣍ͷ͍ͣΕ͔Ͱࢦఆ͠·͢
; true, on, yes
; ·ͨ͸ false, off, no, none
» ͔͠͠ɺ"true"Λ͍ΕΔͱɺΦϑʹͳΔ…ͷ͕…
» ·͕ͪ͑ͳ͚Ε͹Ͳ͏ͱ͍͏͜ͱ͸ͳ͍!

View Slide

͍ͬͯ͏͔Ͷɺ
» mbstring.strict_detection͸
» Booleanͱ͔͍ͯ͋Δͷʹ
» (php.netᐌ͘)σϑΥϧτ͸"0"ͳΜͩΑ
» ͏͙͙͙…Booleanͱ͸…

View Slide

ͦ΋ͦ΋ɺini_get͢Δͱ
» ʢલड़΋͠·͚ͨ͠Ͳʣ
» BooleanͰɺOffͷͱ͖ʹini_get͢Δͱ""ʢۭจࣈʣ͕͔͑ͬͯ͘
ΔͷͰɺOffͳΜͯͳ͔ͬͨΜ΍…ɻʢ༗Γ·͢ʣ

View Slide

ଞʹ΋ҋ͕
» σϑΥϧτNULLͷmbstring.substitute_character
» ini_setͰNULLΛ͍Εͯ΋""ʹͳΔΑ͒…
» ʢͨͩɺ""≒NULLͰ͋Γɺࠔͬͨ͜ͱ͸ͳ͍…ʣ
php > ini_set('mbstring.substitute_character', null);
php > var_dump(ini_get_all()['mbstring.substitute_character']);
string(0) ""

View Slide

ݸਓͷײ૝Ͱ͢
» ʢbool૬ख͸ʣ1ͱ0Λ࢖͏ͱΑ͍
» 0/1ͷࢦఆ͸php.iniͰ΋࢖͑·͢
» php.netʹ͸ॻ͍ͯແ͍͚Ͳ…ɻ
» "On"ɺ”Off”ͷ͜ͱ͸Θ͢ΕΑ͏…
» ʢݸਓͷײ૝Ͱ͢ʣ

View Slide

தٳΈ·ͱΊ
» ini_setͰphp.iniͷઃఆΛม͑ΒΕΔ
» ✅Ҿ਺͸str͕ͩɺ૬ख͕boolͷ৔߹1/0͕ແ೉ʢݸਓͷײ૝Ͱ͢ʣ
» ਖ਼͍͠ਓ͸ɺphp.iniͱini_setͰ࢖͍෼͚͍ͯͩ͘͞"

View Slide

ΞΫηεϨϕϧ

View Slide

» ઌఔͷ௨Γɺphp.iniͷઃఆ͸࣮ߦ࣌΋มߋͰ͖Δ
» ͨͩ͠ɺini_setͰͦͷ৔ͰมߋͰ͖ͳ͍΋ͷ΋͋Δ
» ͦͷ੍ݶΛʮΞΫηεϨϕϧʯͱ͍͏
» ̐ஈ֊ʹͳ͍ͬͯΔ

View Slide

ΞΫηεϨϕϧ͸࢛छ
» PHP_INI_ALL =>Ͳ͜Ͱ΋ઃఆՄೳɺଟ͕͘ίϨ
» PHP_INI_USER =>΄΅ଘࡏ͠ͳ͍
» PHP_INI_PERDIR =>.htaccess,.user.ini,php.ini,httpd.conf(౳)
» PHP_INI_SYSTEM =>php.iniɺhttpd.conf(౳)

View Slide

» PHP_INI_ALL
» Ͳ͜Ͱ΋
» PHP_INI_PERDIR
» .htaccessɺ.user.ini͕ར༻Ͱ͖Ε͹Մೳ
» PHP_INI_SYSTEM
» αʔόʔ؅ཧऀͷΈ͕มߋՄೳ

View Slide

ͳͥશ͕ͯPHP_INI_ALLͰ͸ͳ͍ͷ͔
» ϢʔβϓϩάϥϜ࣮ߦલʹඞཁͳ৘ใ
» ηΩϡϦςΟతͳཧ༝ͳͲ
» (Α΄Ͳͷࣄ͕ͳ͚Ε͹ɺALLͰ͢ɺ։์తͰ͢)

View Slide

» ॴͰɺʮΞΫηεϨϕϧʯ໊ͬͯশ͕ਖ਼͔ࣜෆ໌ʢʁʣ
» Ϩϕϧ͕هࡌ͞ΕͨҎԼͷURLͳͲʹ͸ಛʹ໊শ͕ͳ͍…
» http://php.net/manual/ja/configuration.changes.modes.php
» ͜͜Ͱ͔ͭΘΕ͍ͯΔͷͰɺଟ෼ਖ਼໊ࣜশͩͱ͓΋͍·͢…
» http://php.net/manual/ja/function.ini-get-all.php

View Slide

Α͋͘ΔϋϚΓɺҎԼ͸PHP_INI_ALLͰ͸ͳ͍
» PHP_INI_SYSTEM
» sendmail_path
» max_ﬁle_uploads
» upload_tmp_dir

View Slide

» PHP_INI_PERDIR
» max_input_varsɺmax_input_time
» auto_append_fileɺauto_prepend_file
» post_max_size
» session.use_trans_sid
» short_open_tag
» upload_max_filesize

View Slide

·ͱΊ
» php.iniʹ͸̐छͷΞΫηεϨϕϧ͕͋Δ
» ͨͩɺ؅ཧऀ੍͕ݶͨͦ͠͏ͳɺmemory_limitͱ͔ɺ
max_execution_timeΈ͍ͨͳͷ΋ALLͰ͋Δ
» ηΩϡϦςΟ౳ΑΓɺΠϯλϓϦλͳͲͷಈ࡞্ͷ౎߹͕ϝΠϯͷ۠
෼͚ͬΆ͍
» ʮphp.iniͬͯݖҖ͕ͳ͘ͳ͍…ʁβϧͰ͸ʁʯ
» ΋ͬͱ΋ɺͦΕΛ๷͙खஈ΋͋Δ(ޙड़)

View Slide

SAPIຖʹಠಛͳ
php.iniͷઃఆํ๏

View Slide

» ͢Ͱʹड़΂ͨΑ͏ʹɺSAPIͱ͍͏΋ͷ͕͋Δ
» ͦΕͧΕͰɺগ͚ͩ͠ಠࣗͷઃఆํ๏͕͋Δ
» php.iniͷઃఆΛ੍ݶ͢Δํ๏͕͋Δ
» ͍͔ͭ͘Λ͝঺հ

View Slide

CLI
ྫɿ
/etc/php.ini
/etc/php/conf.d/*.ini

View Slide

CLI
» /etc/php.ini౳
» ͋Δ͍͸-c /path/to/php.ini php.iniΛύεͰࢦఆ
» ͋Δ͍͸/etc/php-cli.ini ͷઃஔ
» ຊདྷͷphp.iniͷdirʹɺphp-{SAPI໊}.ini͕͋Δͱphp.iniʹ༏
ઌ͞ΕΔ

View Slide

CLI͸ಠಛ͕͋͞Δ
» CLI͸͍͔ͭ͘ڍಈ͕ҧ͏ʢ૬ख͕TERMͳͷͰʣ
» phpinfoग़ྗ͕txtϞʔυʹͳͬͨΓ
» ࣮ߦ࣌ؒͳͲ֤छϦϛοτ͕֎ΕͨΓ
» CLI͸खܰͰ৭ʑ֬ೝͰ͖Δ͕ɺσϑΥϧτ஋͕มΘΔͷͰɺςετ
ʹ࢖͏࣌͸஫ҙ͠·͠ΐ͏
» cli͸-d memory_limit=-1ͳͲͱCLIΦϓγϣϯͰࢦఆՄೳ

View Slide

apache+mod_php
ྫɿ
/etc/php.ini
/etc/apache/httpd.conf
/etc/apache/conf.d/some.conf
/var/www/html/.htaccess
/var/www/html/abc/.htaccess

View Slide

apache+mod_php
» /etc/php.ini౳
» ͋Δ͍͸PHPIniDir ࢦఆͰphp.iniͷ৔ॴΛࢦఆ
» httpd.conf΍.htaccess
» ͍͔ͭ͘௥ՃͷσΟϨΫςΟϒ͕ར༻Մೳʹ

View Slide

mod_phpͷ௥ՃσΟϨΫςΟϒ
» php_value key value ͱStringͷઃఆ͕Մೳ
» php_admin_value ಉ্͕ͩɺϢʔβ͕ઃఆ্ॻ͖Ͱ͖ͳ͘ͳΔ
» php_ﬂag key on ͱBoolͷઃఆ͕Մೳ
» php_admin_ﬂag ಉ্͕ͩɺϢʔβ͕ઃఆ্ॻ͖Ͱ͖ͳ͘ͳΔ

View Slide

mod_phpͷ௥ՃσΟϨΫςΟϒྫ
php_admin_value memory_limit 128M
php_admin_value max_execution_time 10
php_ﬂag display_errors off

View Slide

ίϐϖ͠Α͏ͱͯ͠Α͋͘Δ᠘
» (httpd.conf΍ɺಛʹ.htaccessʹ͓͍ͯ…ʣ
» ʮphp_value(౳)ೖΕͨΒΤϥʔʯ
» ͦͷαʔό͸mod_phpೖͬͯͳ͍ͷͰ͸ʁ
» ͦͷ؀ڥ͸mod_phpͰ͸͘ɺCGI/FastCGIͰ͸ʁ

View Slide

» ʮ൓ө͞Εͳ͍ͧʁʯ
» mod_php͸ೖ͍ͬͯΔ͕ɺલड़ͷ௨ΓCGI/FastCGIͰPHPΛ͔ͭ
͍ͬͯΔ
» ΞΫηεϨϕϧΛແࢹ͍ͯ͠Δ
» ࢒೦ɺఆ਺͸࢖͑ͳ͍ͷͩʢྫ:E_NOTICEʣ
» ࠶ىಈΛΘ͢Ε͍ͯΔ

View Slide

CGI
ྫɿ
/etc/php.ini
/var/web/html/.user.ini

View Slide

CGI
» /etc/php.iniͳͲ
» .user.ini
» .htaccessͷphp_value౳ͷ୅༻ɺه๏͸php.iniͱಉ͡
» ಉҰDir͔ΒDocRoot·Ͱͷؒʹઃஔ͢Δ
» Ұ౓ಡΉͱσϑΥϧτͰ̑෼Ωϟογϡ͞Ε·͢
» publicʹஔ͘=࿙Ӯʹ஫ҙʂʢ.htaccessΈ͍ͨʹ403ʹ͠Α͏ʣ

View Slide

nginx+FastCGI
ྫɿ
/etc/php.ini
/etc/php/php-fpm.conf
/etc/php/php-fpm.d/*.conf
/etc/nginx/nginx.conf
/var/web/html/.user.ini

View Slide

nginx+FastCGI
» جຊCGIͱಉ༷ʢphp.iniɺ.user.iniʣ
» nginxͷfast_cgi_paramͰ௥ՃࢦఆՄೳ
» fastcgi_param PHP_VALUE "memory_limit=-1;
max_execute_time=-1";
» ಉ༷ʹɺPHP_ADMIN_VALUE΋͋Δ
» /etc/php-fpm.conf(ϓʔϧઃఆϑΝΠϧɺ࣍ϖʔδ)

View Slide

ϓʔϧઃఆϑΝΠϧ
php_ﬂag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_ﬂag[log_errors] = on
php_admin_value[memory_limit] = 32M
» ·ͨ৽ͨͳه๏͕͏·Εͨ…!

View Slide

ʮ͋ΕɺWindowsͷ࿩͸ʁʯ
» ͸͍
» GUIͳͲͰɺઃఆͨ͠ΓɺϨδετϦ(!)ͳͲ͕ɺ͋Γ·͢ɻ
» ϨδετϦ͸͔ͭΘͳ͍Ͱɺphp.ini΍.user.iniΛ͔͍ͭ·͠ΐ͏
» ࠷ۙͷIIS͸ී௨FastCGIΒ͍͠ͷͰɺFastCGIͷࢿྉΛΈ͍ͯͩ͘͞

View Slide

·ͱΊ
» php.iniͷޙʹɺ֤SAPIʹΑΔઃఆ͕Ͱ͖Δ
» ֤SAPIͰઃఆϑΝΠϧ΍ख๏͕͕ͪ͏
» ઃఆͰ͖ΔΩʔ໊ͳͲ͸ಉ͡
» ⚠ͨͩ͠ɺphpͷఆ਺͸ར༻Ͱ͖ͳ͍ʢ஫ҙʣ
» ✅php_admin_*ͰɺϢʔβʔʹ੍໿Λͭ͘ΕΔ

View Slide

όʔδϣϯؒࠩҟ

View Slide

㙽ʹ֯มΘΔɺϚΠφʔͰมΘΔ
» PHP͸ϚΠφʔόʔδϣϯΞοϓʢx.y.zͷyʣͰ΋ͬ͘͢͝มΘΔ
» ʢsemverͰ͸ͳ͍ͷͰɺҙຯ͕ҧ͏͕ʣ
» z͘Β͍ͳΒɺେମେৎ෉…େମͶ…
» ͭ·ΓͲ͕͜มΘͬͯ΋৴༻ͮ͠Β͍ͬͯ͜ͱͩͳɺΨοϋοϋ
» ʢΨοϋοϋͰ͸ͳ͍ʣ

View Slide

͍ʹ͑͠ͷ࣮ߦ؀ڥ
» PHP5.1ɺ5.2ɺ5.3͋ͨΓ͸7ͱ͸૬౰͕ͪͬͨΓ͢Δ
» ʮͦͷ࣌୅Λੜ͖͖ͯͨԶͨͪʯʹ͸Α͍͚Ͳɺͦ͏Ͱ΋ͳ͍ਓ͸ͭ
Βͦ͏
» php.netͷ෇࿥ΛΑΈ·͠ΐ͏
» ࣮ػͰ৺ߦ͘·Ͱࢼ͠·͠ΐ͏
» ςετ༻ʹݹ͍phpΛϏϧυ͢Δͷʹ͔ͭΕͨΒɺ
ݹ͍LinuxσΟετϦΛDL͢ΔͱΑ͍Ͱ͢(ਅإ)

View Slide

σϑΥϧτมߋΛ֬ೝ͢Δ
» php.netʹ͸ʮ෇࿥ʯͱ͍͏ʮ͜Εͦ͜ຊฤʯΈ͍ͨͳ৘ใ͕͋Δ
» ͦ͜ΛͪΌΜͱνΣοΫ͢Ε͹ɺେମେৎ෉
» php -n -aͰiniΛϩʔυͤͣʹini_get_allΛಈ͔ͯ͠ɺࠩΛݟΔ
» ͕ࠩ͋ͬͨΒɺద੾ʹຒΊΔiniΛॻ͘
// ϦϞʔτͱखݩΛ֬ೝ͢Δ༗໊ςΫɻ͕ͩɺલड़ͨ͠Α͏ʹ҆қʹcliͰ֬ೝ͢Δͷ͸͓קΊ͠ͳ͍ɻ
diff <(php -r 'phpinfo();') <(~/.phpenv/versions/5.6.9/bin/php -r 'phpinfo();')
diff <(php -r 'phpinfo();') <(ssh remote 'php -r "phpinfo();"')
diff <(ssh remote1 'php -r "phpinfo();"') <(ssh remote2 'php -r "phpinfo();"')

View Slide

্͕Γଓ͚Δόʔδϣϯɺେม
» ࡢࠓ͸PHPͰ΋ΨϯΨϯόʔδϣϯΛ্͍͛ͯ͘ελΠϧ
» όʔδϣϯ্͛Δલʹςετ͠·͠ΐ͏Ͷʙ
» php΋ɺphpenvͱ͔Ͱෳ਺όʔδϣϯ؅ཧ͠΍͘͢ͳΓ·͔ͨ͠Β
» ʢೖΕ΍͍͢ͱ͸ݴ͍ͬͯͳ͍ʣ
» σΟετϦͷඪ४ɺಛʹRH΍CentOS͸ͷΜͼΓͯ͠ΔͷͰɺΏΔ;
Θ೿͸ͦΕͰ…
» ʢver͸্͕Βͳ͍͚Ͳɺ͋Δఔ౓ύον͸߱ͬͯ͘ΔͷͰ…ʣ

View Slide

tips ୔ࢁͷphp.iniΛ๊͑ͨԶͨͪ͸Ͳ͏͢Ε͹
» ຖճphp.iniΛΤσΟλͰ͍͡Δͷ͸େมͳͷͰ…
» php.ini͸͞ΘΒͣɺඞཁͳઃఆΛ͔͍ͨiniΛconf.dʹίϐʔ͠ɺ্
ॻ͖͢Δͱָ
» ࢲ͸ɺखݩͷphpenv૬ख͸πʔϧΛ͔͍ͯͲ͏ʹ͔ͯ͠·͢
» https://github.com/uzulla/setmyphpini.php

View Slide

tips Ͱ΋ɺmod_php͸Ͳ͏͢Ε͹͍͍ͷΑ
» php-build΍phpbrew͕͋Δݱ୅Ͱ΋ɺmod_php͸Ұखؒ
» ͪΌΜͱapacheͰ֬ೝ͢Δ͔͠ͳ͍…
» ࢲ͸apacheΛbuiltin serverΈ͍ͨʹαοͱཱͯΔπʔϧΛॻ͍ͯɺ
ͦΕͰ΍ͬͯ·͢
» https://github.com/uzulla/apachehere
» ʢlibphpX.soͭ͘Δͷ͸ɺґવͱͯ͠μϧ͍ʣ

View Slide

·͋ɺΧοίΠΠձࣾ͸
» CIͱ͔ΛͪΌΜͱ͘ΜͰ΍ͬͯΔΜ͡ΌΖʁ
» ࣮ࡍɺαʔόʔΛࣗ༝ʹͰ͖ΔͳΒɺΑͦ͞͏
» ಥવαʔόʔͷftpΞΧ΢ϯτ͕ϝʔϧ͞Εͯ͘ΔΑ͏ͳɺ໺ྑͷ
PHPer͸ͦ͏΋͍͔ͳͯͭ͘Β͍ʢ۪ஒʣ
» ͕Μ͹Ζ͏…!

View Slide

ͪΐͬͱٳܜ
࣭໰͍͟͝·͔͢ʁ

View Slide

» ͱ͍͏͜ͱͰɺphp.iniͱͦͷ༇շͳ஥ؒୡͷ͓࿩Ͱͨ͠
» άάΔͱͰͯ͘Δ͠ɺphp.netʹ͍͍ͩͨͷͬͯ·͢ʢ౰વ͕ͩʣ
» ✅ʮͦͷߦͰͷphp.ini(ϦΞϧ)͔͠৴༻͢Δͳɺඞͣ֬ೝͤΑʯ
» ✅ʮSAPIͰઃఆख๏͕มΘΔʯ
» ݴ͍͍ͨࣄ͸͜ͷೋߦͰ͢

View Slide

͔͜͜Βઌ͸
» php.iniͰઃఆͰ͖Δ֤߲໨ʹ͍ͭͯͷ͓࿩…
» ʮͭ·Γ͜͜·Ͱ͸جૅ஌ࣝͩͬͨΜͩΑʂʂʂʯΩ
» ΩΩΩ ʮͳɺͳΜͩͬͯʔ͈́ʯ
» ʮPHPΉ͔ͣ͠ਿ಺ʁʯʮͨ͠ֈʯ

View Slide

͓඼ॻ͖
ϑΝΠϧΞοϓϩʔυɺmbstringɺηογϣϯɺassertɺdbɺcurlɺη
ΩϡϦςΟɺϝʔϧɺ೔෇ɺΤϥʔͱϩάपΓɺϦιʔε੍ݶ

View Slide

ΤϥʔͱϩάपΓ

View Slide

·ͣݴ͍͍ͨͷ͸
» άάͬͯग़ͯ͘Δʮ͜͏΍ͬͨΒΤϥʔ͕͖͑·ͨ͠ʂʯ
» ͷ8ׂ͘Β͍͸ʮΤϥʔ͕Έ͑ͳ͘ͳͬͨʯ͚ͩͰ͋Δ
» !μϝઈରʂʂʂʂ

View Slide

log_errors = On ; ͦ΋ͦ΋ΤϥʔϩάΛऔΔ͔
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off ; ը໘ʹΤϥʔΛग़͔͢
display_startup_errors = Off ; PHPͷىಈγʔέϯεʹ͓͍ͯൃੜͨ͠ΤϥʔΛը໘ʹग़͔͢
log_errors_max_len = 1024 ; Τϥʔϩάͷ࠷௕ʢ੾Γࣺͯ
error_log = ; ग़ྗઌɺলུ࣌SAPI΁
html_errors = On ; SAPI΁ग़ྗ࣌ɺΤϥʔจࣈྻΛhtmlԽ͢Δ͔

View Slide

» phpͷΤϥʔ͸͔ΘΓͭͭ͋Δ
» php<=5.6 ྫ֎ͱΤϥʔ͕ผ
» php>=7 ྫ֎ͱΤϥʔ͕ʮࣅͯΔʯ
» Errorʢ಺෦తʹ͸ྫ֎ͳͷ͕ͩɺϢʔβʔ͸࡞Εͳ͍ʣ
» Exceptionʢྫ֎ˍϢʔβʔྫ֎ʣ
» ྫ֎΋Ωϟον͖͠Εͳ͚Ε͹ΤϥʔͱͳΓɺͦΕ͸ϩάʹग़Δ

View Slide

» ʢphp7Ҏલ͸ɺΤϥʔ͕ThrowableͷൽΛඃ͍ͬͯͳ͍͚ͩͰɺ
php.iniʹ͓͚Δѻ͍ํͱͯ͠͸ͦ͜·Ͱ͔ΘΓ·ͤΜʣ

View Slide

Τϥʔʹ͸छྨ͕͋Δ
» 16ݸ͋Δʢଟ͗͢ͳ͍ʁʣ
» NOTICE΋ΤϥʔͰ͢
» E_NOTICE,E_ERROR,E_DEPRECATEDͳͲ
» http://php.net/manual/ja/errorfunc.constants.php

View Slide

» error_reporting ʹεΠονࢦఆ͢Δ
» දݱ͸਺஋͕ͩɺఆ਺ͷϏοτԋࢉͰࢦఆͰ͖Δ
» PHPer͕།ҰϏοτԋࢉΛ͢Δ৔Ͱ͢ʢʁʣ
» ྫ E_ALL & ~E_DEPRECATED & ~E_STRICT
» = 22527 ɺ֮͑ΒΕΔ͔ʂ(ͳͷͰbitԋࢉ)
» શ෦ͷΤϥʔ͔Βɺඇਪ঑ΤϥʔͱɺStrictΤϥʔΛൈ͍ͯΔ
» ఆ਺ͳͷͰ*.ini΍ini_setҎ֎Ͱ͸͜ͷه๏͸͔ͭ͑ͳ͍
» ʮԿ΋ߟ͑ͣɺ-1 ʹ͓͚ͯ͠͹Φοέʔʯʢݸਓͷײ૝Ͱ͢ʣ

View Slide

» ͍ͬͯ͏͔ɺ-1 Ҏ֎ʹઃఆ͢Δਓ͸ɺΘ͔͍ͬͯΔͷ͔ͳ͍ͷ͔
» ࠷ॳʹ͔͍͚ͨͲɺݟ͑ͳͯ͘͠Δ͚ͩͰ͸ʁ
» E_DEPRECATED͸ɺݱ৔ʹΑͬͯ͸ʮΘ͔Δʙ࢓ํͳ͍ΑͶʙʯ
» E_NOTICEΛάϩʔόϧʹམͱ͢ਓ͸ָ؍తͰɺਓੜָͦ͠͏()
» Θ͔ͬͯ΍ͬͯΔͳΒ͍͍ͱ͓΋͍·͢
» ʮPHP͸੍ࣗ৺͕΋ͱΊΒΕΔݴޠʯ

View Slide

» log_errors_max_len
» ΨϯΨϯμϯϓ͢Δਓ͸ͷ͹͠·͠ΐ͏
» display_errorsɺdisplay_startup_errors
» ։ൃ࣌͹͔Γ͸Onͷ΄͏͕͸͔ͲΔࣄ͸ଟ͍Ͱ͢
» PHP͸ࠣࡉͳΤϥʔ͸ɺͦͷ··͢͢Μ͡Ό͏ͷͰɺdisplay͠ͳ
͍ͱΤϥʔϩάݟͳ͍͔͗Γແݴɻ
» ʮΤϥʔ͸ΤϥʔʂNoticeͰ΋ͱ·ͬͯ΄͍͠ʂʯ
» ʢࢭΊΔςΫ΋͋Γ·͢ʣ

View Slide

» error_log
» ະࢦఆ࣌͸SAPIͷΤϥʔϩά΁ɺࢦఆ͢Δͱ޷͖ͳϑΝΠϧ΍
SYSLOGʹΤϥʔΛग़ͤ·͢ɻ
» ApacheͷΤϥʔϩά͸๲େ͗ͯ͢ݟͮΒ͍ͱ͔ɺਂԕͳཧ༝ͰΤ
ϥʔϩά͕ཌ೔ʹͳΒͳ͍ͱݟΕͳ͍ɺ౳ͷ৔߹ʹศར()
» ॻ͖ࠐΊͳ͍৔߹ɺSAPIͷϩάʹϑΥʔϧόοΫ͞Ε·͢
» ͏͔ͬΓ ini_set('error_log', 'php.log');ͱ͔΍ͬͯɺެ։
σΟϨΫτϦʹग़ྗ͠ͳ͍Α͏ʹؾΛ෇͚͍ͯͩ͘͞Ͷɺϑϧύε
ࢦఆʹͳΔΑ͏ʹॻ͜͏ʂ

View Slide

» ⚠error_log͸ɺphp.iniͰࢦఆ͠ͳ͍΄͏͕͍͍
» ⚠Builtin server΍CLIͰը໘ʹΤϥʔͰͯ͜ͳ͘ͳΓ·͢(᠘)
» SAPIଆͷphp_value౳Ͱઃఆ͢Δͷ͕ྑ͍Ͱ͠ΐ͏
» (͋Δ͍͸ɺہॴini_set͕Α͍͔ͱ)
php > echo ini_get("error_log");
/tmp/php_errors.log
php > echo $a; // ະఆٛม਺Λ৮͍ͬͯΔͷͰɺΤϥʔ͕ͰΔ͸͕ͣͩग़ͳ͍
php > ^D
$ tail /tmp/php_errors.log
[XXXX] PHP Notice: Undeﬁned variable: a in php shell code on line 1

View Slide

» ϩάϩʔςʔγϣϯͱ͔ɺແ͍ɻ
// init.dͰɺ؀ڥม਺ࢦఆͰɺޙ͸࠶ىಈͰ…ʂʁ
export D_OF_WEEK=`date +%w`
rm -f /path/to/php_errorlog.$D_OF_WEEK
// php.ini
error_log = php_errorlog.${D_OF_WEEK}
- ʢδϣʔΫͰ͢ʣ
- ૉ௚ʹlogrotateઃఆͯ͠࠶ىಈͨ͠΄͏͕ປ͕ߴ͍Ͱ͢
- ύΠϓͰ͖ͳ͍ͷͰɺ rotatelogsͱ͔͸࢖͑͵

View Slide

·ͱΊ

View Slide

-1

View Slide

» error_reporting = -1 ͕࠷ڧ!
» ʢલड़ͷ௨Γ੔਺ͳͷͰʣ֬ೝ͠΍͍͢͠
» ʮ͔͠͠ݱ࣮ੈք͸ਏ͍ۤ͘͠"ʯ
» E_NOTICE͕མͱͯ͋ͬͨ͠ΒɺղΓ΍͍͢ةݥϑϥά
» ෆՄආͳίʔυ͸ɺͦ͜Ͱ͚ͩerror_reportingΛม͑ͨΓ@Λ
͚ͭΑ͏ɺ΍ͬͺΓPHP͸ศར

View Slide

೔෇

View Slide

date.timezone ·ΘΓ
date.timezone = "Asia/Tokyo"
;date.default_latitude = 31.7667
;date.default_longitude = 35.2333
;date.sunrise_zenith = 90.583333
;date.sunset_zenith = 90.583333

View Slide

date.timezone
» ✅㙽ʹ֯ઃఆ͠Α͏
» "Asia/Tokyo"
» ઃఆ͠ͳ͍ͱɺօେ޷͖strtotime౳ͰWarn͕ग़Δ
» …ͷ͸PHP5.6·Ͱɺ7͔ΒUTC͕σϑΥϧτʹͳͬͨ
» ⚠Ή͠Ζ᠘ʹͳͬͨͷͰ͸ʁ

View Slide

date.timezoneͷมભ…
» date.timezone͸WarnΛແࢹ͢Ε͹ɺUTC(υΩϡϝϯτͰ͸GMT)
» աڈɺTZ ؀ڥม਺ΛಡΜͰ͍͕ͨɺ5.4͔Βࢀর͠ͳ͘ͳͬͨ
» ᐌ͘ʮλΠϜκʔϯͷ൑ఆ࣌ʹɺOS͔ΒಘΒΕΔ৘ใʹཔΒͳ͍Α͏
ʹͳΓ·ͨ͠ɻ ਪଌʹجͮ͘λΠϜκʔϯ͸৴པͰ͖ͳ͍͔ΒͰ͢ʯ
» TZ͸͔֬ʹ͘͢͝ॏཁͩΑͶʂͰ΋ͦΕͳΒඞਢͷ··ͰΑ͔ͬͨͷ
Ͱ͸…

View Slide

༨ஊɿṖͷҢ౓ܦ౓
;date.default_latitude = 31.7667
;date.default_longitude = 35.2333
;date.sunrise_zenith = 90.583333
;date.sunset_zenith = 90.583333
» ʮdate_sunrise() ͱ date_sunset() ͰͷΈ࢖༻͞Ε·͢ɻʯ
» ͳΜͱద੾ʹઃఆ͢Δ͜ͱͰ೔ͷग़ͱ೔ͷೖΓΛܭࢉͰ͖·͢ʂ
» php.iniʹ࣋ͭඞཁ͕͋ΔͷͩΖ͏͔…ਂԕͳΔཧ༝͕͋Γͦ͏ʂ

View Slide

mbstring ౳

View Slide

৭ʑ͋Δ͚Ͳɺେ఍͜ΕͰΑ͍✅
default_charset = "UTF-8" ; Content-Type ͷσϑΥϧτ
internal_encoding = "UTF-8"
[mbstring]
mbstring.language = Japanese
mbstring.internal_encoding = "UTF-8"
mbstring.strict_detection = On

View Slide

༨ஊ(ʁ)ʮdefault_charsetͱ͸Ұମ…ʯ
; Use of this INI entry is deprecated, use global internal_encoding instead.
; internal/script encoding.
; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)
; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
;mbstring.internal_encoding =
» ʮmbstring.internal_encodingͱ͔࣌୅஗Εɺ
࣌୅͸default_charsetҰՕॴͰ͓̺!!!ʯ
» ࢲʮ΁ʔͦ͏ͳΜͩʯ

View Slide

» ʮʢdefault_charset͸ʣ mbstring.internal_encoding ͕ະઃఆ
ͷ৔߹ͷσϑΥϧτͱͯ͠΋༻͍ΒΕ·͢ʯ
» ΁ʔɺ͍͢͝ɺָͰ͍͍Ͷʂ
» ͕ʂ࢒೦ʂ
» SJIS-win͸ɺೖΕͯ΋൓ө͞Εͳ͍ʂʢίϝϯτʹ΋ॻ͍ͯ͋Δʣ
» eucJP-win΋μϝͬΆ͍ʂ
» UTF-8ͳΒɺͦ΋ͦ΋σϑΥϧτ΍Ζ͕͍
» ʮ…·ɺੲͳ͕Βʹઃఆ͠·͢Θɺ৴༻Ұ൪ʯ

View Slide

ͦ΋ͦ΋…
» ʮσϑΥϧτ஋ʯͱ͍͏͜ͱ͸ɺ
» ࣮ߦ࣌ʹdefault_charsetΛมߋͯ͠΋ɺ
mbstring.internal_encodingͳͲʹ΋൓ө͞ΕΔΘ͚Ͱ͸ͳ͛͞
» ʢphp.iniΛಈతʹ͍͡ΔࡍʹൺֱతΑ͋͘ΔλΠϓͷ᠘Ͱ͢ʣ
» ͜ͷΑ͏ʹɺPHPʹ͸͠͹͠͹มͳظ଴Λ͍͔ͩͤΒΕɺཪ੾ΒΕΔ
͜ͱ͕ྑ͋͘Γ·͢ɻ
» ͱ͍͏͜ͱͰ༨ஊऴΘΓ

View Slide

௥ՃͰ…
» mbstring.substitute_character
» จࣈྻͷΤϯίʔσΟϯάΛม׵ͨ͠ࡍʹɺม׵Ͱ͖ͳ͔ͬͨจࣈ
Λʮήλ(ˤ)ʯ౳ͷಛఆจࣈʹஔ׵͢Δ͜ͱͰɺม׵࿙Ε౳ΛΘ͔
Γ΍͘͢Ͱ͖Δɻ
» SJIS,EUC,JISڞଘ࣌୅ͷҨ෺ײ͋Δ
» UTF-8ͷ࣌୅͸΋͏͍Βͳ͍ͷͰ͸
» ʢͱɺࢥ͍͍͚ͨͲ·ͩ·ͩcp932Λ࢖͏ࣄ͸͋ΔͶ…ʣ

View Slide

ҎԼ͸ةݥͳͷͰར༻͠ͳ͍͜ͱ!
;mbstring.http_input =
;mbstring.http_output =
;mbstring.encoding_translation = Off
;mbstring.func_overload = 0
;mbstring.http_output_conv_mimetype=
» ؒҧͬͯ΋ʮศརʂʯͱࢥͬͯ͸͍͚ͳ͍

View Slide

·ͱΊ
» ✅σϑΥϧτ͸UTF-8ʹͳ͚ͬͨͲɺ֮ࣗͷҝʹࢦఆ͠·͠ΐ͏ɻ
» ࣗಈม׵ܥɺؔ਺Φʔόʔϩʔυ͸μϝઈର
» ίϝϯτ΍php.netͱ࣮ػͷ৯͍ҧ͍͸ɺૉ௚ʹ࣮ػ༏ઌ͠·͠ΐ͏
» ଞʹ΋ɺίϝϯτʹ͋Δ
http://php.net/internal-encoding
ͳͲͷURL͕404ͩͬͨΓ͢ΔͷͰ͢
» ʮphp.net࠷ߴʂʯͱ͔͍͍·͕͢ɺͦΜͳ΋ΜͳͷͰ͢

View Slide

Ϧιʔε੍ݶ

View Slide

Ϧιʔε੍ݶ
» PHPer͕ॳΊͯάάΔࣄʹͳΔͷ͕͜͜Β΁ΜͰ͸
» max_execution_time = 30
» memory_limit = 128M
» ʢ࣮ࡍ͸ɺ΋ͬͱ΋ͬͱ΁Βͯ͠΋Α͍ʣ

View Slide

҆શห
» PHP͸ͲΜͳʹΞϗͳίʔυΛ͔͍ͯ΋ɺ͜͜Β΁ΜΛҋӢʹ޿͛ͳ
͚Ε͹ʢൺֱతʣ҆શͳͷͰ͢
» ʮPHP͸ΏΔ;ΘίʔυΛࣻ͢!ʯ
» ʢ৚݅ࣜΛ͍ͭ΋ϊϦͰॻ͍ͯɺແݶϧʔϓ͢Δͷݟ͔ͯΒ௚͢λ
Πϓͷਓͱ͔ʣ
» ʢ2GB͘Β͍͋ΔϩάϑΝΠϧͷઌ಄1ߦΛͩͨ͢Ίʹɺશ෦Λ
ﬁle_get_contentsͨ͠Γ͢Δਓͱ͔ʣ

View Slide

צҧ͍͞Ε͕ͪͳࣄ
» max_execition_time͸CPU࣌ؒҎ֎ɺಛʹI/O࣌ؒ͸ϊʔΧ΢ϯτ
ͳͷͰ஫ҙ
» ʮʢ࣌ܭΛݟͯʣ͋ͱ10ඵͰڧ੍ऴྃʯͰ͸ͳ͍ɻ
» ⚠ͨͱ͑͹DBϚλʔͳߴෛՙͰ͸શવऴྃ͠ͳ͍
» ී௨ͷ΢ΣϒΞϓϦͰԿඵ΋CPU࣌ؒ৯͏ͳΜͯ͋Γ͑ͳ͍
» ʢצҧ͍ͯ͠ɺApache+mod_phpͰΨϯΨϯϓϩηε਺Λ্͛Δɺ
ِεέʔϧΞοϓපʹؕΔ=>ѱԽ͕Ճ଎ʣ

View Slide

» ʢͦΕΑΓ΋લʹɺϒϥ΢β΍ NAT ͷ TCPηογϣϯ͕੾ΕͨΓʣ
» ʢࣅͨΑ͏ͳʮΧ΢ϯτͷ࢓ํΛޡղʯ͸ηογϣϯपΓͳͲʹ΋ଟ
͍ʣ

View Slide

ʮPHP͸ΏΔ;ΘίʔυΛࣻ͢ʯ͕…
» ʮԿ΋ߟ͑ͣʹศརͩͱ͔͍͍ͭͭɺ
memory_limit = 1024M ͱ MaxClients 512
ͱ͔ίϐϖͰઃఆ͢Δͷ͸ΏΔ͞Μ!ʯ
» ʮPHP͸੍ࣗ৺͕΋ͱΊΒΕΔݴޠʯ

View Slide

» memory_limitͱɺfpmͳΒϓϩηε਺΋΄Ͳ΄Ͳʹ͠Α͏
» ʢfpmͷpm.max_children)
» ʮ΄Ͳ΄Ͳͱ͸ʁʯʮଟͯ͘΋ίΞ਺ͷ10ഒ͑ͯͨ͜ΒɺҰ౓ݕ
ূͯ͠΋Α͍ͷͰ͸ʯ(ݸਓͷײ૝Ͱ͢)
» ʮmod_php͸ʁʯʮલஈʹnginxஔ͘ͱΑ͍ͷͰ͸()ʯ
» ࣗ৴͕ͳ͍ʁisuconͬͯ΍ͭͷաڈ໰ͰͨΊͯ͠ΈΔͱ͍͍Αʂ!
ԾʹΘ͔ͣʹεϧʔϓοτ্͕ͬͯ΋ɺϝϞϦރׇͰͷswap΍OOM
Killerͷڪාͱ͸௼Γ߹Θͳ͍Α

View Slide

ελοΫ·ΘΓ
» pcre.backtrack_limit=100000
» pcre.recursion_limit=100000
» ෳࡶͳਖ਼نදݱɺ͋Δ͍͸σΧΠσʔλΛॲཧ͢Δͱ͜Εʹ͔͔Δ͜
ͱ͕͋Γ·͢
» Կ͔ҟৗͳ͜ͱΛ΍͍ͬͯͳ͍ʁ
» ͔ͨ͠ͳ͘େ͖͘͠·͠ΐ͏

View Slide

ϑΝΠϧΞοϓϩʔυ

View Slide

file_uploads = On
upload_tmp_dir =
upload_max_filesize = 2M
max_file_uploads = 20
post_max_size = 8M

View Slide

» PHP͸ϑΝΠϧΞοϓϩʔυΛͲͷ؀ڥͰ΋ͪΌΜͱѻ͑Δɺ
͛͑͢ʂʂ
» ʢ౰ͨΓલʹฉ͑͜Δ͚Ͳɺ݁ߏ໘౗ͳΜ΍Ͱ…ʢ࿝֐ʣ)

View Slide

» upload_max_ﬁlesize͸΄Ͳ΄Ͳʹ
» ϑΝΠϧαΠζ͕σΧΠͱ߈ܸʹ΋ͳΓ͏Δ
» ࠷ۙ͸ճઢ଎͍͠ɺDiskͷখ͍͞ΠϯελϯεͩͱϠϥΕΔ
» post_max_sizeͷมߋΛ๨Ε͕ͪ
» post_max_size > upload_max_ﬁlesize
» ʢෳ਺Ξοϓϩʔυ਺΋ߟྀ͠·͠ΐ͏ʣ

View Slide

» 2GBҎ্ͷΞοϓϩʔυΛѻ͏৔߹͸…
» ʮҟৗʁେৎ෉ʁʯʮҎ্Ͱ͢ɺେৎ෉Ͱ͢ʯ
» 64bit؀ڥʹ͠·͠ΐ͏
» php>=5.6ʹ͠·͠ΐ͏
» nginx/apacheͷઃఆʢ੍ݶʣ΋֬ೝ͠·͠ΐ͏
ʢඇৗʹΑ͋͘ΔϋϚϦॴʣ
» ܦ࿏ʹ͋ΔϦόʔεϓϩΩγ΋

View Slide

» ʮͳΜ͔memory_limitʹ౰ͨͬͨʂ;΍ͦ͏ʂ!ʯ
» ڊେϑΝΠϧΛม਺ʹϩʔυͯ͠͸μϝʢ౰ͨΓલʣ
» ﬁle_get_contentsΛ࢖͏ͳ
» fread౳Λ͔͍ͭͬͯͩ͘͞
» GeneratorΛ͔͍ͭͬͯͩ͘͞
» Stream WrapperΛ͍ͭͬͯͩ͘͘͞

View Slide

» upload_tmp_dir
» লུ࣌ɺsystemͷtmpΛ͔͍ͭ·͢
» ؀ڥ΍ΞϓϦ಺༰ʹΑͬͯ͸ɺ҆શͳॴʹม͑Α͏

View Slide

·ͱΊ
» খ͍͞ϑΝΠϧαΠζͳΒ؆୯ʂPHP࠷ߴʂ
» େ͖͍ϑΝΠϧαΠζͩͱ᠘͕୔ࢁʂͦΕͰ΋PHP࠷ߴʂ

View Slide

ηΩϡϦςΟؔ࿈

View Slide

» PHPࣗମ͸σϑΥϧτͰ΋ͦΕͳΓʹେৎ෉
» 12ԯͷαΠτ()͕શ෦΍ΒΕͨΓ͸ͯ͠ͳ͍
» ʮΘΓͱʯͶ…HTTPOXYͱ͔͚͋ͬͨͲ
» ༗໊ͳOSS͕Ϡό͍!
» ʮEOLͳόʔδϣϯͷPHP͸͋͛ͯ͜ʂʯʢϙδγϣϯτʔΫͰ͢ʣ

View Slide

» max_input_time
» ʮεΫϦϓτ͕ POSTɺGET ͳͲͷೖྗΛ ύʔε͢Δ࠷େͷ࣌ؒΛɺ
ඵ୯ҐͰࢦఆ͠·͢ɻ ͜Ε͸ɺαʔόʔଆͰ PHP ͕ىಈ͔ͯ͠Βε
ΫϦϓτͷ࣮ߦΛ։࢝͢Δ·Ͱͷ࣌ؒͰ͢ɻʯ
» Α͘Θ͔ΒΜͶʁਖ਼௚Զ΋Α͘Θ͔ΒΜ
» େ఍͜Ε͸΋ͬͱ΁Βͤ·͢
» ʮ͜ΕηΩϡϦςΟͳͷʁʯʮ͏ʔΜ…͍ΕΔॴ͕…ʯ

View Slide

» max_input_nesting_level = 64
» PHP͸hoge[hage]Έ͍ͨͳύϥϝλ͕ࣗಈతʹ഑ྻͱͯ͠ѻ͑Δɺ
ͦͷ࠷େਂ͞Ͱ͋Δɻ
» σϑΥϧτͷ64͸ɺͭ·Γ64࣍ݩม਺·ͰڐՄ
» ͦΜͳʹڪΖ͍͠ϓϩάϥϜ͕͋ΔͷͩΖ͏͔…!
ͱೲಘͤ͞Δύϫʔ͕PHPʹ͸͋Δ
» ਫ਼ʑ5ͱ͔Ͱ͸ʁ

View Slide

» max_input_vars = 1000
» POST΍GETͷΫΤϦύϥϝλͷ࠷େ਺
» 1000Λଟ͍ͱΈΔ͔গͳ͍ͱΈΔ͔ɺਓʹΑ༷ͬͯʑͰ͠ΐ͏ɺͲ
͏Ͱ͔͢ʁ
» 1000ͰͨΓͳ͍͜ͱ͸͋Δʢਅإʣ
» ओʹDoSରࡦ͕ϕʔεʢϋογϡίϦδϣϯ߈ܸͱ͔ʣ
» ௒͑ΔͱʁWARN͕Ͱͯɺ੾ΓࣺͯΒΕͯɺ࣮ߦ͸ਐߦ͢Δʢ஫ҙʣ

View Slide

͜ͷ͋ͨΓɺߜ͍ͬͯ͘ͷ͸ਖ਼͍͠ͷ
͕ͩ
» ߈ܸͷୈҰ೾໨͘Β͍·Ͱ͸΍Βͳͯ͘΋͍͍ΜͰ͸
» ✅PHPͰͷKISSͱ͸ɺͰ͖Δ͜ͱͳΒσϑΥϧτઃఆͰ͔ͭ͏͜ͱ
Ͱ͋Δʢཁग़యʣ
» ͔͠͠ɺ͍͔ͭରԠ͢ΔͨΊʹ஌͓͖ͬͯ·͠ΐ͏

View Slide

» open_basedir = /var/www/html:/tmp
» phpίʔυ্͔Β͸ࢦఆ͞Εͨpathͷ֎ΛಡΈॻ͖Ͱ͖ͳ͍Α͏ʹ
» ʮ҆શͦ͏ͩʂ͜Ε͸PHPքͷSELinux͔ʂ!ʯ
» ʢͭ·Γɺ͙͢ʹΦϑʹ͞Ε·͢ʣ
» ʢ͔͠΋ɺPHP_INI_ALLͰ͢ʣ
» ෳ਺ࢦఆ࣌͸PathΛ:Ͱͭͳ͙͕ɺWinͷ৔߹͸;Ͱͭͳ͙
» Ұจࣈͷ୅ΘΓʹɺ௕͍PATH_SEPARATORఆ਺Λ͔ͭ͑͹ղܾ

View Slide

» allow_url_fopen = On
» $html = ﬁle_get_contents('https://example.com/');
» ΛڐՄ͢Δ͔
» ڐՄ͠·͠ΐ͏!
» ʢ͜Ε͕Ͱ͖ͳ͔ͬͨΒͳͥPHPΛ͔͍ͭͬͯΔͷ͔ٙ໰Λ๊͍ͯ͠
·͏…ʣ

View Slide

» allow_url_include = Off
» require ('http://example.com/super_lib.php');
» ΛڐՄ͢Δ͔ɻ
» ʮϠόͳ͍ʁ!ʯʮωοτ͔ΒίʔυDLͱ͔Ҿ͘Θ"ʯ
» curl https://hoge/installer.sh | bash
ͬͯ΍ͬͨ͜ͱ͕ͳ͍ਓ͸ͦ͏ݴͬͯ΋ྑ͍
» Ͱ΋·͊ɺແ͍Θʔ

View Slide

» sql.safe_mode = Off
» ʮ໊લ͔Βͯͭ͠Αͦ͏ʂ!ʯ
» ͔͠͠ʮPHPͰ͍͏ͱ͜Ζͷsafe_modeʯͱ͍͏ҙຯͰ͋Γɺผʹ
safeͰ͸ͳ͍"
» ʮΦϯʹ͢ΔͱɺσϑΥϧτ஋͕ࢦఆ͞Ε͍ͯΔσʔλϕʔε઀ଓؔ
਺͸ɺ Ҿ਺Ͱࢦఆ͞Εͨ஋ΑΓ΋σϑΥϧτ஋Λ༏ઌͯ͠࢖༻͠·
͢ɻ ʯ
» ʢphpʹ͓͚Δʮsafe modeʯͱ͸ɺϢʔβʔͷϙΧʢ΍ѱҙʣΛଟ
গअຐ͢Δͱ͍͏ҙຯͰ͢ʣ

View Slide

» expose_php = On
» X-Powered-By: PHP/7.0.9 ͳͲΛӅ͢
» ·͋Φϑʹ͍ͨ͠ਓ͸Φϑʹͨ͠΄͏͕ΑΖ͍͠
» ʢϔομʔʹPHP͔͍ͬͯͯ͋Δͱ͏Ε͍͔͠Β൱ఆͮ͠Β͍ʣ
» ෭࡞༻ͱͯ͠ɺʮΠʔελʔΤοάʯ͕͔ͭ͑ͳ͘ͳΓ·͢

View Slide

View Slide

» ·͋ɺPHP5.5͔Β͸΋ͱ΋ͱແ͍
» ʢ͔͠͠ɺapacheͰ͸͏͚͘͝ͲɺbuiltinserverͰ͸͏͔͝ΜͷΑ
Ͷ͜Εɻʣ

View Slide

disable_functions =
disable_classes =
» ؔ਺΍ΫϥεΛېࢭͰ͖Δ
» ຊ೔ࢄʑ͔ͭͬͨini_setͳͲΛࡴͤΔ
» ʮͳ͓ɺecho͸ؔ਺Ͱ͸ͳ͍ͷͰېࢭͰ͖ͳ͍ɺ͜Ε౾ͳʯ

View Slide

ϝʔϧ

View Slide

࠷ॳʹॻ͍͓͕ͯ͘…
» ϝʔϧؔ࿈ͷઃఆΛ͍͡Δ৔߹ɺmail()ͱ͔ɺmb_send_mail()ͱ͔
ͷڍಈΛม͍͑ͨͷͩΖ͏ͱ͓΋͏
» ⚠΍Ί͓ͯ͜͏⚠
» ✅ྑ͍ϝʔϧૹ৴ϥΠϒϥϦΛ͔͓ͭ͏ʂ
» ͢ΔͱͩͶɺઃఆͷ΄ͱΜͲ͕ཁΒͳ͘ͳΔΜͩͳ…
» ʮͦ΋ͦ΋ɺएऀ͸Mailgunͱ͔SESͱ͔͔ͭ͏Μ͡ΌΖʁʯ

View Slide

» sendmail_path = "/usr/sbin/sendmail -t -i"
» ͍͍ͤͥɺsendmailͷPath͕มΘͬͯΔ৔߹ʹมߋ
» ௨ৗɺ͜ͷpathʹsendmail͕͋ΔͷͰมߋ͢Δඞཁ͸ͳ͍

View Slide

tips: sendmail_pathʹࣗ࡞ͷϓϩάϥϜΛࢦఆ͢Δͱศར
#!/usr/bin/perl
my $out_ﬁle_name = '/tmp/mailout';
open(my $fh, ">>", $out_ﬁle_name) or die $!;
while(){
print $fh $_;
}

View Slide

» ʮPerl΍Μ͚ʂʯ
» ʮ͹Ε͔ͨʯ

View Slide

» (ଞʹ΋߲໨͸͋Δ͚Ͳɺຊ౰ʹ͍ͬͯ͡ྑ͍͜ͱͳ͍ͷͰলུ)

View Slide

ηογϣϯ

View Slide

» PHP࠷ߴศརػೳͷҰͭɺηογϣϯ
» ʮPHP͸ϑϨʔϜϫʔΫͩʂʯ
» ݴޠʢʁʣʹηογϣϯػೳ͕͋ΔͷͰɺຊ౰ʹָ
» ͜Ε͚ͩͰ60෼࿩ͤΔ(?)

View Slide

PHPҎ֎ͷݴޠͷํʑ΁ɺPHPͷηογϣϯ͸…
» ద੾ʹൃ൪͞ΕͨηογϣϯID͚͕ͩCookieʹอଘɺૹ৴͞Εɺ
» ΞΫηε࣌ʹ͸ɺࣗಈతʹSIDʹώϞ෇͍ͨΩʔΛݩʹɺ
» (ࣗ࡞΋Ͱ͖Δ)ηογϣϯετϨʔδϋϯυϥ͔ΒσʔλΛͻ͖ͩ
͠ɺ$_SESSION΁σγϦΞϥΠζɻ
» ऴྃ࣌ʹ͸ɺࣗಈతʹٯํ޲Ͱ$_SESSIONΛγϦΞϥΠζͯ͠อଘɻ
» ηογϣϯIDͷ࠶ׂΓ౰ͯ΋ܰʑʂ
» …ͱɺ͍ͬͨ΋ͷ͕ݴޠʢ؀ڥʣͰ༻ҙ͞Ε͓ͯΓ·͢ɻ

View Slide

» PHPͷηογϣϯػೳ͸େ͖͘ೋͭͷػೳʹΘ͚ΒΕ·͢
» ηογϣϯIDͷ؅ཧ
» ετϨʔδ

View Slide

» ηογϣϯID(SID)ͷ؅ཧ
» ԿͰ΍ΓऔΓ͢Δ͔
» URL
» Cookie
» IDͷੜ੒ɺ؅ཧ
» γʔυ
» ௕͞ʢڧ౓ʣ
» ηΩϡϦςΟڧԽͷઃఆ

View Slide

» ΋͸΍ςϯϓϨɺSessionͰCookieΛ࢖͏֤छઃఆ
session.use_cookies = 1 ; SIDΛCookie͔ΒಡΊΔΑ͏ʹ
session.use_only_cookies = 1 ; ͍·Ͳ͖URLʹຒΊࠐ·ͳ͍ͷͰɺOn
session.name = PHPSESSID ; CookieΩʔ໊
session.cookie_secure = 1 ; httpsͰͷΈηογϣϯͷCookieΛ΍ΓͱΓ
session.cookie_domain = ; ະࢦఆͰݱࡏͷυϝΠϯʹͳΔͷͰɺ௨ৗෆཁ
session.cookie_path = / ; ηογϣϯΫοΩʔͷPath
session.cookie_httponly = 1 ; SIDΛJS͔Βݟ͑ͳ͘͢Δ
session.use_strict_mode = 1 ; SIDΛ஫ೖͤ͞ͳ͍

View Slide

session.cookie_lifetime = 0 ; ηογϣϯΫοΩʔͷExpireΛࢦఆ
» 0͸ϒϥ΢βΛด͡Δ·Ͱ༗ޮ
» ʢݱ୅Ͱʮϒϥ΢βΛด͡Δʯͱ͸…ʁʣ
» sessionΛҡ࣋͢Δʹ͸ɺద੾ʹઃఆ͢Δ
» ʮࠓ͔ΒNඵʯ
» ผ్ɺετϨʔδͷlifetimeͷઃఆ΋͍Δʢޙड़ʣ
» ʮ௕͔͋͘͞Δ΂͠ʯͷٞ࿦͸͜͜Ͱ͸͠ͳ͍

View Slide

» Ψϥέʔ࣌୅͸ऴΘͬͨɺURLʹSIDؔ࿈͸Onʹ͠ͳ͍
» ηΩϡϦςΟతʹɺϩΫͳ͜ͱʹͳΓ·ͤΜ
session.use_trans_sid = 0 ; URLͷηογϣϯIDΛड͚ೖΕΔ͔ʁ
session.referer_check = ; ͦͷ৔߹ɺड͚ೖΕΔυϝΠϯΛݻఆ

View Slide

ηογϣϯIDͷੜ੒खஈؔ܎
» ηΩϡϦςΟʹίμϫϦ͕͋ΔͳΒม͑ͯ΋Α͍ͷͰ͸
» มߋ͢Δͱɺݱࡏͷશηογϣϯ͕ফ͑·͢ʢ౰ͨΓલ͕ͩ…ʣ
session.hash_function = 1 ; ηογϣϯͷϥϯμϜจࣈͷ௕͞
; 0:md5͔1:sha1͔ࢦఆͰ͖Δɺ͚Ͳ7.1Ͱফ͑·ͨ͠
session.entropy_length = 32 ; PHP 7.1Ͱফ͑·ͨ͠
session.entropy_ﬁle = /dev/urandom ; PHP 7.1Ͱফ͑·ͨ͠

View Slide

ͳ͓ɺphp7.1͸͜ͷΑ͏ʹγϯϓϧʹͳͬͨ
» php.iniͷσϑΥϧτͩͱޙํޓ׵ੑͷͨΊʹ26จࣈʹͳ͍ͬͯΔ
͕ɺ΋ͬͱͷ͹ͨ͠΄͏͕͍͍ͧͱ͍͏͜ͱΒ͍͠ɻ
; Shorter length than default is supported only for compatibility reason.
; Users should use 32 or more chars.
; Default Value: 32
; Development Value: 26
; Production Value: 26
session.sid_length = 26

View Slide

session.auto_start = 0 ; ࣗಈతʹηογϣϯΛ։࢝͢Δ͔Ͳ͏͔
» େ఍ͷίʔυͰ͸ࣗલͰsession_start()͍ͯ͠·͢ͷͰɺ
session.auto_start͸ΦϑͰΑ͍Ͱ͢
» ෆཁͳ࣌͸͏͔͝ͳ͍ͷͰෛՙ΋͕͞Γ·͢

View Slide

session.cache_limiter = nocache ; Ωϟογϡͤ͞ͳ͍
session.cache_expire = 180
» ηογϣϯ͕͍ͭͨϨεϙϯεΛͲ͏Ωϟογϡͤ͞Δ͔
» ͳʹ͔ͷ౎߹΍ෛՙͷࣄΛଞॴʹ͢Ε͹ɺσϑΥϧτͰେৎ෉

View Slide

» ηογϣϯετϨʔδʢϋϯυϥʣ
» ௨ৗ͸file
» memcachedͱ͔ͷ֦ுΛ͍ΕΔͱɺ૿͑Δ
» KVSΈ͍ͨͳΫϥεΛ࣮૷͢Δͱɺࣗ࡞Ͱ͖Δ
» ෳ਺୆ͷαʔόʹ͢ΔͳͲͰมߋ͢Δ

View Slide

session.save_handler = files ; σϑΥϧτͷfileετϨʔδΛ࢖͏
session.save_path = "/tmp" ; fileετϨʔδͷઃఆͰɺͲ͜ʹ৘ใΛอଘ͢Δ͔
» session.save_pathʹ͸ηογϣϯ৘ใ͕อଘ͞ΕͨେྔͷϑΝΠϧ
͕Ͱ͖Δ
» अຐͩͱ͔ɺCronͰ૟আ͞Εͳ͍Α͏ʹͱ͔ɺnfsͰڞ༗͍ͨ͠
ͱ͔(ݹ)ɺඞཁ͕͋Ε͹มߋ͢Δ
» ʢύʔϛογϣϯʹ஫ҙʂʣ
» ʮPHPҎ֎ͰɺηογϣϯϑΝΠϧΛࣗલͰಡΈॻ͖͢ΔʯͳͲ
ͱ͍ͬͨɺڧ·ͬͨΞϓϦΛॻ͘ͳΒ͜ͷpathΛ֬ೝ͢Δ

View Slide

» $_SESSIONΛγϦΞϥΠζ͢ΔϋϯυϥΛࢦఆ
» ʮมߋ͢Δͷʁڧ͍Ͷʙʯ
session.serialize_handler = php ; $_SESSIONΛԿͰγϦΞϥΠζ͢Δ͔
; ଞʹphp_serializeͳͲ͕͋Δ
;session.lazy_write = On ; 7͔Βɺߋ৽͕͋Δ৔߹ͷΈॻ͖ࠐΉࣄͰੑೳ޲্
» ղͬͯΔਓ͚͕͍ͩ͡Δ߲໨Ͱ͢

View Slide

» ηογϣϯͷ༗ޮظؒؔ࿈
» gc_maxlifetimeɺσϑΥϧτͷ24෼͸୹͍Α͏ͳɺ௕͍Α͏ͳ…
session.gc_maxlifetime = 1440 ; ηογϣϯ༗ޮظؒɺඵ
; ΞΫηεຖʹgc_probability/gc_divisorͷαΠίϩΛৼΓɺ
; ֬཰తʹsessionͷGCཁٻ͕ߦΘΕΔ
session.gc_probability = 1
session.gc_divisor = 1000

View Slide

ηογϣϯ༗ޮظؒͷܾΊํ
» session.cookie_lifetimeͰɺSID(Cookie)ͷण໋Λద੾ʹ௕͘͠
·͠ΐ͏
» session.gc_maxlifetimeͰɺετΞ͞Εͨ৘ใ͕ഁغ͞ΕΔ·Ͱͷ
ظؒΛԆ͹͠·͠ΐ͏
» Ͳ͕ͬͪ੾Εͯ΋ηογϣϯʢʹอଘ͞Εͨ৘ใ͸ʣফ͑·͢
» ʮԿނผͳͷʁʯʮSID؅ཧͱɺετϨʔδ͸ผͷ֓೦ͳΜͰʯ

View Slide

ʮʢηογϣϯʣΩϨͯͳʙ͍ʯ
» ετϨʔδଆͷGC͸ɺαΠίϩ೚ͤɺஸ౓ʹফ͑Δ͜ͱ͸ͳ͍
» ʮԿ෼Ͱηογϣϯ͕੾ΕΔͷ͔อূ͍ͯͩ͘͠͞ʯʮ໘౗ͳ…ʯ
» ͦͷ৔߹ɺExpireΛPHPʹ೚ͤΔͳΒఘΊͯɺ$_SESSIONͷதʹ
࣌ࠁ෇͖ͷ৘ใΛ͍Ε·͠ΐ͏
; ͳ͓ɺ͜ͷΑ͏ͳΠΧαϚαΠίϩ͸۪ߟͰ͢
session.gc_probability = 1
session.gc_divisor = 1

View Slide

» ʮ͡Ό͋gc_divisorΛ૿΍͢ͱ͍ܰͷ͔ʂʁʯͬͯࢥ͏͔΋͠Ε·ͤ
Μ͕ɺ͍͔ͭ͸GC͕૸ͬͯɺͦΕ͸ͦΕͰॏ͍ॲཧʹͳΓ·͢ɻ
» ʢISUCONͳΒ͍͍͔΋Ͷ͆ʣ

View Slide

» ݬͷػೳɺupload_progress
;session.upload_progress.enabled = On
;session.upload_progress.cleanup = On
;session.upload_progress.preﬁx = "upload_progress_"
;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
;session.upload_progress.freq = "1%"
;session.upload_progress.min_freq = "1"
» ͳΜͱʮϑΝΠϧΞοϓϩʔυͷϓϩάϨεόʔʯΛग़ͤΔ
» ΞοϓϩʔυதʹผͷϦΫΤετΛඈ͹ͯ͠ɺηογϣϯΛݟΔͱɺ
਺஋͕औΕΔ
» ਅ໘໨ʹ͔ͭͬͨ͜ͱ͸ͳ͍

View Slide

session.hash_bits_per_character
» ͓ೃછΈͰ͸ͳ͍Ͱ͠ΐ͏

View Slide

View Slide

» ʮͳΜͱʂදʹೋճొ৔͠·͢ʂʯ
» ͖ͬͱॏཁ͔ͩΒͳΜͰ͠ΐ͏ʂ
» ʢ͔ͭͬͨ͜ͱͳ͍ʣ
» ʮ·ͨɺPHP 7.1.0 Ͱ࡟আ͞Ε·ͨ͠ɻʯ
» ʮ͑ʁphp.iniϑΝΠϧʹ࢒ͬͯΔΜ͚ͩͲ…ʯʢini_get͸Ͱ͖·ͤ
ΜͰͨ͠ʣ
» ʢ㙽ʹ֯·͋ɺͦΜͳ͔͍͋ͭͩͱ͍͏͜ͱͰ͢Ͷʣ

View Slide

·ͱΊ
» ηογϣϯपΓ͸7.1Ͱͪΐͪ͜ΐ͜࢓༷͕มΘΓ·ͨ͠
» σϑΥϧτͰ͔ͭͬͯΔਓʹ͸ؔ܎ͳ͍͚Ͳɺ৭ʑ֦ுͨ͠Γͯ͠Δ
ڧ͍ਓ͸஫ҙ͕ඞཁ
» ʮࡢ೔͙͢ʹϏϧυ͚ͨ͠Ͳɺ7.1ͱ͔͍ͭ࢓ࣄͰ࢖͑ΔΜͩΖ
͏…ʯʮ͋͞…ʯ

View Slide

Assert

View Slide

» ࣮͸ੲ͔Β͋Δ
» 7͔ΒϓϦϓϩηεͰࡴͤΔΑ͏ʹͳͬͨ
» ࣜධՁ͕Ͱ͖ΔΑ͏ʹͳͬͨ
» ։ൃ؀ڥ͚ͩͰ࢖ΘΕΔ΋ͷͰ͢
» ͳʹ͔͜ΕͰϩδοΫΛॻ͍ͯ͸͍͚ͳ͍
» ʮ͔͜͜Βීٴ͢Δͷ͔ͳ…ʁʯ

View Slide

; -1 ίϯύΠϧ࣌ແࢹɺ0 ࣮ߦ͠ͳ͍ɺ1 ࣮ߦ͢Δ
zend.assertions = -1
;assert.exception = On ; fail࣌ྫ֎(ʁ)εϩʔ
; ͜ΕҎԼ͸ԼҐޓ׵ੑͷͨΊ࢒͍ͬͯΔ͕ɺ͔ͭ͏ͳͱ
;assert.active = On
;assert.warning = On
;assert.bail = Off
;assert.callback = 0
;assert.quiet_eval = 0

View Slide

» εϩʔͱ͍͏͕ɺ\ErrorͷࢠͳͷͰɺ\ExceptionͰ͸Ωϟον͞Ε
ͳ͍
» PHPͰ౤͛ΒΕΔྫ֎͸ɺThrowableͱ͍͏਌͔ΒɺErrorͱ
ExceptionʹΘ͔Ε͓ͯΓɺաڈͷίʔυ͸ExceptionΛ਌ͱͯ͠
͍ͨͷͰʮී௨ʯ͸ʹ͗ΓͭͿ͞Εͳ͍ͧ
» 7͔Βྫ֎ͱΤϥʔ͕ͲͪΒ΋ʢجຊతʹ͸ʣʮThrowʯʹͳͬ
ͨɻ
» Ωϟον͸Ͱ͖Δ
» ͨͩ͠ɺError͸ϢʔβʔΫϥεͰ௨ৗܧঝͰ͖ͳ͍

View Slide

curl

View Slide

curl.cainfo=/path/to/cacert.pem
» SSL certiﬁcate problem: unable to get local issuer
certiﬁcateΈ͍ͨͳΤϥʔ͕ग़ͨΒରԠ
» ূ໌ॻ͸ݕূͯͦ͜͠ɺCURLOPT_SSL_VERIFYPEERΛfalseʹ͢Δͱ͔
μϝઈର
» cacert.pem͸https://curl.haxx.se/ca/cacert.pemͳͲ͔Βೖख

View Slide

DB

View Slide

͸͖ͬΓ͍ͬͯɺphp.iniͰ
DBͱ͔ͷઃఆͳΜͯͤ͑΁Μ
ͷͰলུ

View Slide

·ͱΊʹ͸͍͍͖ͬͯ·
͢ʂ

View Slide

୔ࢁ͋Δͧʂࠓ೔࿩ͤͳ͔ͬͨ͜ͱ
» cgi.force_redirectͱ͔ͷ࿩
» urlrewriterͷ࿩
» ﬁlterͷ࿩
» realpth_cacheͱ͔ͷ࿩
» zend.enable_gcͷਆ࿩
» report_memleaksͷظ଴ͱઈ๬

View Slide

ຊτʔΫશମͷ·ͱΊ

View Slide

͋͋ʂphp.ini໘౗͍͘͞ʂ
» ʮphp.iniͳΜͯͳͯ͘͠͠·͑͹͍͍ʂ!ʯ
» લड़΋͚ͨ͠Ͳɺͳͯ͘΋͏͖͝·͢
» ͨͩ͠ɺphpͷόʔδϣϯΞοϓͰσϑΥϧτ͸มΘΔ
» ʮϚΠφʔͰେมߋ͕ೖΔࣄͰఆධͷ͋ΔPHPʯ
» ΤϯίʔσΟϯάͷσϑΥϧτ͕UTF-8ʹ
» datetime.zoneσϑΥϧτ͕UTCʹ
» ʮ೺Ѳ͠ଓ͚Δ͘Β͍ͳΒɺphp.iniΛॻ͍ͨํ͕ϚγͰ͸ʯ

View Slide

» ʮͨΕͰ͍͍͡ΌΜ!ʯ
» ·͋ɺݱ࣮ͱͯͦ͠ΕͰ΋͍͍Μ͚ͩͲɺϋϚͬͨ࣌ͭΒ͍
» ಛʹɺΑ͘Θ͔ΒΜଞਓͷPHP؀ڥ͸Α͘Θ͔ΒΜ
» ͦ͏͍͏ॴ͸ʮͳΜ͔৭ʑม͑ͨΒۮવಈ͍ͨʂʯˠʮൿ఻ͷλ
ϨԽʯ͓ͯ͠Γ…
» ʮ͜Ε΋͏͍Βͳ͍Ͱ͠ΐʯʮফ͞ͳ͍Ͱ͍ͩ͘͞ʂʯ
» ʮ͜ͷ.htaccess͕ஔ͚ͳ͚Ε͹ࢮʯʮͪ͜ͱΒnginxʯ
» ౳ͷ໰౴͕ൃੜ

View Slide

» ʮphp.iniʹઃఆ͕͋Δͱ؅ཧ͕େม…!ʯͱࢥ͏ਓ΋ଟ͍
» ຊ຤స౗ͬΆ͍͚Ͳɺʮશ෦ίʔυʹຒΊࠐΈʯ
» ࣮͸ɺ͜Ε͸͜ΕͰղܾࡦͰ΋͋Δ
» ʢPHP_INI_SYSTEMͳͲ͸࢒Δ͕…ʣ
» ࢲ΋ɺini_setΛଟ༻͢Δ
» ͔͠͠ɺࣗ෼Ҏ֎͕৮Δ͔΋͠Εͳ͍Μͩͧ
» CLIͰόονճ͢ͱ͖ʹϋϚΔͧ

View Slide

ʮ΍͸Γphp͸ѱ͍ݴޠʂຣࡴ͢Δʂ!"ʯ
» php.ini͕ʢ΋ʁʣ΍΍ͯ͘͜͠΋ɺPHPΛݏ͍ʹͳΒͳ͍Ͱͩ͘͞
͍པΉ
» ීஈ͔Β࢖͍ͬͯΕ͹ɺ׳Ε͍͖ͯ·͢ͷͰ…
» ຊ೔ͷࢿྉ͸ීஈ࢖͍ͷൣғΛ݁ߏΧόʔ͍ͯ͠ΔͷͰ…͕Μ͹ͬ
ͯ…
» ฉ͍ͯ͘Εͯ΋͍͍ͷΑʁ

View Slide

php.iniϚελʔʹͳΔʹ͸
» php.netΛख़ಡ͢Δʢ͕ɺ࠲ֶͰ৴༻͢Δͳʣ
» php.iniΛख़ಡ͢Δʢ͕ɺ࠲ֶͰ৴༻͢Δͳʣ
» ini_get_allͷ஋Λશ෦ݟ͍ͯ͘
» ࣮஍ͰϋϚ֮ͬͯ͑Δ
» 20೥͸࣋ͭphp.iniͩ͠ɺ͋ͱ10೥͸࢖ΘΕͦ͏(ʁ)

View Slide

΍͍͖ͬͯ·͠ΐ͏!"

View Slide

׬
࣭໰͋Γ·͢ʁ

View Slide

php.iniの話

php.iniの話

uzulla

More Decks by uzulla

Other Decks in Programming

Featured

Transcript