Thursday, June 4, 2009

What's the difference between running PHP as a cgi or as a module in safe mode

What's the difference between running PHP as a cgi or as
a module in safe mode?
At Modwest, PHP runs as a cgi and "safe mode" is OFF. If you are have never worked with PHP running as CGI instead of as an Apache module, here are the primary differences you'll discover at Modwest:

1. PHP sees file paths the same way you do when you ftp into your account. The root directory "/" is your home directory as far as PHP is concerned.

2. PHP scripts run with YOUR permissions instead of the permissions of the webserver. This is an advantage because your PHP scripts will be able to fopen() files, fwrite() to them and fclose() them at will. This also means the PHP copy() function is totally unrestricted. Any file written by PHP will be owned by you, not the webserver, which means you can then manipulate those files with other PHP scripts.

3. For speed, PHP has no extension modules included except the one for MySQL. If you need to use PHP functions from an extension module (such as GD image manipulation or XSLT/XML functions), you can either use the dl() function to dynamically load the module right in your PHP code, or you can go enable them site-wide in your php.ini file or with the PHP configurator in OnSite.

4. You have complete control of your own php.ini file. You can use this to set include_path, auto_prepend_file and other values. You cannot set any php configurations with php_value directives in .htaccess files. Editting your php.ini file affects all PHP scripts in your account. Certain things can be done on a per-script basis by calling such functions as dl() and ini_set().

5. A few PHP functions, like getallheaders(), will not work when running as cgi. However, there are always alternatives to achieve the same effect. Other PHP abilities like HTTP Authentication and sending 401 Unauthorized headers are still possible.


Note that the module version of PHP, also known as mod_php and identified via the php_sapi_name() call as "apache", is not supported by Modwest.

See Also:

What is the real full path to my home directory?

What can I do with .htaccess files?

What PHP modules are available and how do I load them?

Why does a PHP function give an error that it is undefined?

How do I set PHP include_path?

Why does PHP HTTP authentication not work?

Can I have all .html pages parsed as PHP?

How do I do html form file uploads?

Sbox error file not world executable?

Sbox error file is world writable?

Sbox error the directory containing [some script] is world writable?

Do I need 777 permissions in order for my PHP scripts to create files?

No comments: