Best IT Recipes

Is ini_set ('max_execution_time', 0) a bad idea?

Is there any good reason not to set the PHP max_execution_time configuration variable to 0?

An employee recently checked for changes to a file that added:

 ini_set('max_execution_time', 0);

The default value was too low for a page that did some complex processing before returning output to the user.

The manual states that the main purpose of the setup is:

prevent poorly written scripts from binding the server.

But it also says:

Your web server may have other timeout configurations that may also interrupt PHP execution. Apache has a Timeout directive, and IIS has a CGI timeout function. Both defaults to 300 seconds. See your web server documentation for more information.

We work under Apache, therefore the Timeout parameter is applied. Is there a reason not to set max_execution_time to zero globally? I'm mostly curious if there are any advantages that I miss when I don't set it to zero.

+50
php
Nov 29 '10 at 18:04
source share
2 answers

risking annoying you;

You are asking the wrong question. You do not need a reason not to deviate from the default values, but vice versa. You need a reason for this. Timeouts are absolutely necessary when starting a web server and disabling this parameter for no reason, in fact, contrary to good practice, even if it runs on a web server that has its own timeout directive.

Now for the real answer; it probably doesn't matter at all in this particular case, but it’s bad practice to set up a separate system. What if the script is run on another server with a different timeout? If you can say with confidence that this will never happen, it’s good, but good practice is largely related to the seemingly unlikely events and not unnecessarily link the settings and functionality of completely different systems. Dismissal of such principles is responsible for many meaningless incompatibilities in the software world. Almost every time they are unforeseen.

What if the web server is later configured to run another runtime that only inherits the timeout parameter from the web server? Say, for example, that you need a 15-year-old CGI program written in C ++ by someone who has moved to another continent that does not know a single timeout other than a web server. This can lead to a change in the timeout because PHP relies aimlessly on the timeout of the web server and not on its own, which can cause problems for the PHP script. Or vice versa, you need less web server timeout for some reason, but PHP should still have it higher.

It’s just not worth connecting PHP functions with a web server, because the web server and PHP are responsible for different roles and should be as functional as possible. When the PHP side needs more processing time, it should be set up in PHP simply because it is related to PHP and not necessarily everything else on the web server.

In short, it simply unnecessarily unites the question when there is no need.

And last but not least, "still" is true; you should at least use set_time_limit() than ini_set() .

Hope this is not too patronizing and annoying. As I said, this may be good in accordance with your specific circumstances, but it is good practice that your assumptions are not considered the One true Circumstances. All this.:)

+56
Nov 29 '10 at 19:02
source share

The reason is to have some value other than zero. The general practice is to make it short on a global scale and long for long working scripts such as parsers, scanners, dump trucks, export and import scripts, etc.

  • You can stop the server, damage the work of other people from memory by consuming the script, without even knowing about it.
  • You will not see errors somewhere, say, an infinite loop, and it will be more difficult to diagnose.
  • Such a site can be easily DoSed by one user when requesting pages with a long runtime.
+10
May 26 '13 at 22:44
source share


More articles:


All Articles