php.ini安全配置

1.session.use_cookies = 1
2.session.use_only_cookies = 1
3.short_open_tag = On
4.allow_url_fopen = Off
5.allow_url_include = Off
6.disable_functions =phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_set,ini_restore,pfsockopen,dl,pfsockopen,syslog,readlink,symlink,popen,stream_socket_server,putenv,
7.display_errors = Off;生产环境关闭，调试开启
8.enable_dl = Off
9.error_reporting=E_ALL
10.file_uploads = Off;看需要开启
11.
12.magic_quotes_gpc = Off
13.memory_limit=8;看情况调节
14.open_basedir =D:/www;看情况调节
15.register_globals=Off
16.safe_mode=On
17.session.save_handler = files;建议改为数据库存储
18.mysql密码管理 建议建立一db.inc文件，内容为
SetEnv DB_USER "root"

SetEnv DB_PASS ""
SetEnv DB_HOST "localhost"
然后修改httpd.conf，添加以下内容
Include "d:/pass.txt"
php文件中使用mysql链接
mysqli($_SERVER['DB_HOST'],$_SERVER['DB_USER'],$_SERVER['DB_PASS']);
19.