About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.


Damien Seguy Catalogues phpinfo() Statistics

As I mentioned earlier, Damien Seguy has been compiling phpinfo() statistics. He just sent me an email with an update on his progress:

I just published the first part of a series of articles about PHP directives configurations. By gathering 11,000 phpinfos on the Internet, I managed to get an overview of what values are used when configuring PHP.

Here are some interesting statistics uncovered by his research:

  • register_globals is enabled 57% of the time.
  • magic_quotes_gpc is enabled 76% of the time.
  • display_errors is enabled 80% of the time.

You can find his full article at the following URL:

http://nexen.net/articles/dossier/php_configuration_statitstics.php

About This Post

Damien Seguy Catalogues phpinfo() Statistics was posted on Sat, 04 Nov 2006 at 00:58:13 GMT.

6 Comments

1. Tim B said:

Wouldn't these statistics, although interesting, be rather inaccurate and not give a reliable "picture" of the PHP community?

I would suggest that those who have register_globals, magic_quotes_gpc and display_errors all turned off are also more likely to not have their phpinfo() data exposed, meaning that the majority of results *would* have these enabled.

Anyway... that was my initial thought.

Sat, 04 Nov 2006 at 02:08:38 GMT


2. Chris Shiflett said:

As I mentioned in the earlier post, Adam said the same thing. It's certainly a valid point.

Damien's response was that the phpinfo() stats lined up with his version stats (obtained using an entirely different methodology), so that lends some credibility to these results.

Sat, 04 Nov 2006 at 02:23:21 GMT


3. streaky said:

Interesting he's not answered the real question that everybody is thinking.. i.e. the version numbers question.

It's the one that stands out as missing from the list to me.

Sat, 11 Nov 2006 at 14:49:38 GMT


4. Chris Shiflett said:

You might mean this:

http://shiflett.org/archive/239

As far as I know, he's been keeping up with version stats for quite some time now.

Sat, 11 Nov 2006 at 18:51:12 GMT


5. Caydel said:

Thanks for passing this on - reading that has caused me to go turn phpinfo() off on my pages....

Wed, 22 Nov 2006 at 03:06:54 GMT


6. Ergo said:

Is it possible to read phpinfo() of any site?

As far as I know, it is not possible. So it is not a representative extract.

Thu, 23 Nov 2006 at 18:07:07 GMT

