以 CGI 模式安装时
It's again not stated clearly in the documentation, that you should use --enable-discard-path ONLY IF you plan to use the PHP CGI outside the web tree as stated here.
If you want to use PHP as a regular CGI processor (via Action & AddHandler in the Apache config file), you shouldn't use this option because, if compiled with this, the PHP binary won't recognize the path to the actual script and will in any case try to send itself to the browser as the script output (!).
情形四:PHP 解释器放在 web 目录以外
一个非常安全的做法就是把 PHP 解释器放在 web 目录外的地方,比如说 /usr/local/bin。这样做唯一不便的地方就是必须在每一个包含 PHP 代码的文件的第一行加入如下语句:
#!/usr/local/bin/php
在这种情况下,要使 PHP 能正确处理 PATH_INFO 和 PATH_TRANSLATED 等变量的话,在编译 PHP 解释器时必须加入 --enable-discard-path 参数。
add a note
User Contributed Notes情形四:PHP 解释器放在 web 目录以外
raj at ap dot krakow dot pl
10-Feb-2008 04:02
10-Feb-2008 04:02
Andras Rokob <rokoba at bolyai dot elte dot hu>
19-Oct-2006 05:59
19-Oct-2006 05:59
You can avoid the need of using the shell-escaping (#! ...) in all your php scripts if you set the executable bit on them and exploit the binfmt_misc support of the Linux kernels.