Why is the phpinfo() function disabled in shared hosting?

The phpinfo() function is disabled in the shared hosting service due to a security vulnerability in PHP 5.3: CVE-2014-4721.

phpinfo() outputs information about PHP’s configuration, such as the values of PHP directives, loaded extensions and environment variables. Even though phpinfo() is disabled, you can still find that information using other functions:

PHP directives: ini_get() and ini_get_all()

echo ini_get(upload_max_filesize); // 2M

Extensions/modules: get_loaded_extensions()


Environment variables: $_ENV


PHP or extension version: phpversion()

echo phpversion(); // 5.3.26
echo phpversion(‘pdo_mysql’); // 1.0.1

In case you have SSH access to the server, “php -i” can also be used to get PHP configuration settings. For example, to get the configuration for the PDO – MySQL extension:

$ php -i|grep pdo_mysql

Or to get the version of PHP:

$ php -v