phpinfo()

phpinfo() is a single function call that dumps your entire PHP configuration into the browser — every setting, every loaded extension, every limit, every file path. It's the first thing experienced PHP developers check when something isn't working: "Is the extension loaded? What's the upload limit? Where's php.ini?" The answer is always in phpinfo.

It's also the first thing attackers look for on production servers, because it reveals exactly how your server is configured. Create it for debugging, read it, then delete it.

View your PHP config: localhost/phpinfo.php
You need to create the file first (see below)

Creating the phpinfo File

phpinfo() isn't a page that exists by default — you create a small PHP file that calls the function:

<?php
phpinfo();

Save this as phpinfo.php (or info.php, or whatever you want) in your web root:

  • XAMPP: C:\xampp\htdocs\phpinfo.php
  • WAMP: C:\wamp64\www\phpinfo.php
  • MAMP: /Applications/MAMP/htdocs/phpinfo.php
  • Linux server: /var/www/html/phpinfo.php

Then open http://localhost/phpinfo.php in your browser. You'll see a massive page of purple tables. That wall of information is what you need to learn to read.

What to Actually Look For

phpinfo() outputs dozens of sections, but in practice you're usually looking for specific things. Here's what matters most:

PHP Version

Right at the top. This tells you which version is running. If you're developing a project that requires PHP 8.2+ and phpinfo shows 7.4, you need to upgrade. Your XAMPP or hosting environment might have an older PHP than you expect.

php.ini Location

Look for "Loaded Configuration File" — this tells you exactly which php.ini file PHP is reading. This is critical because systems can have multiple php.ini files (one for CLI, one for Apache, one for FPM), and editing the wrong one changes nothing. The path shown here is the one that matters for your web server.

Also check "Scan this dir for additional .ini files" — some setups load extra config files from a conf.d directory.

Upload Limits

Search for these two values — they're the most commonly changed PHP settings:

SettingDefaultWhat It Does
upload_max_filesize2MMaximum size of a single uploaded file
post_max_size8MMaximum size of the entire POST request (must be ≥ upload_max_filesize)
max_file_uploads20Maximum number of files in a single upload

If file uploads are failing silently (the form submits but no file appears), these limits are almost always the cause. To change them, edit php.ini at the path shown in "Loaded Configuration File" and restart Apache.

Memory and Execution Limits

SettingDefaultWhat It Does
memory_limit128MMaximum memory a script can use. Increase for image processing, large data imports
max_execution_time30Seconds before PHP kills a script. Increase for long-running tasks
max_input_time60Seconds PHP will spend parsing input (including uploads)
max_input_vars1000Maximum form fields in a POST. WooCommerce and complex forms may need more

Loaded Extensions

Each loaded PHP extension gets its own section in phpinfo. The fastest way to check if a specific extension is installed: use Ctrl+F and search for it. Common ones to verify:

  • mysqli / pdo_mysql — required for MySQL/MariaDB connections (WordPress, Laravel)
  • curl — required by most frameworks for HTTP requests
  • gd / imagick — image manipulation (thumbnails, resizing)
  • mbstring — multibyte string handling (required for UTF-8)
  • zip — ZIP file handling, plugin/theme installations
  • openssl — HTTPS connections, encryption
  • intl — internationalization (required by Symfony, some Laravel features)

If an extension is missing, you need to enable it in php.ini. Find the line ;extension=mysqli (with a semicolon), remove the semicolon to uncomment it, save php.ini, and restart Apache.

Error Reporting

Search for display_errors and error_reporting. In development, you want display_errors = On and error_reporting = E_ALL so errors show in the browser instead of silently failing. In production, display_errors should be Off and errors should go to a log file instead.

phpinfo() Parameters

You can show only specific sections instead of the entire dump:

<?php
// Show everything (default)
phpinfo();

// Just PHP version and build info
phpinfo(INFO_GENERAL);

// Just loaded modules
phpinfo(INFO_MODULES);

// Just current php.ini values
phpinfo(INFO_CONFIGURATION);

// Combine sections with bitwise OR
phpinfo(INFO_GENERAL | INFO_MODULES);

Command-Line Alternative

You don't always need a browser. PHP can dump config info from the terminal:

# Quick version check
php -v

# Full phpinfo output in terminal
php -i

# Check a specific setting
php -i | grep upload_max_filesize

# List all loaded extensions
php -m

# Find php.ini location
php --ini

Note: the CLI php.ini can be different from the web server's php.ini. If you change a setting and it doesn't take effect in the browser, check that you're editing the right file (use the "Loaded Configuration File" path from the browser-based phpinfo).

The Security Warning

Never leave phpinfo.php on a production server. It exposes your PHP version (attackers know which exploits to try), your server's file paths, installed extensions and their versions, database connection info, environment variables (which may contain passwords), and your exact server configuration. It's a reconnaissance goldmine. Create it, read it, then delete it immediately.

If you need to check PHP configuration on a production server, use the command-line php -i over SSH instead of exposing it through a web-accessible file. Or name the file something non-obvious (not phpinfo.php, info.php, or test.php — scanners check for all of these) and delete it when you're done.