getButterfly Logo getButterfly

PHP has a feature that allows you to prepend a file at every request. This prepend file is the equivalent of having it include()ed at the top of every single PHP script on your site. It’s is done through a directive that is set either in php.ini or .htaccess. The directive is called auto_prepend_file. It’s also evil if you don’t know about its existence.

In a .htaccess file, you can use this directive to define a specific file that will be auto-prepended, in a directory:

php_value auto_prepend_file "prepend.php"

You can also use this directive to deactivate auto-prepending in a directory or root:

php_value auto_prepend_file none

Note: Use the special value “none“, as explained in the documentation of auto_prepend_file:

The special value none disables auto-prepending.

Note: You can set php_values in .htaccess only where PHP is run as an Apache module.

When I first encountered this issue, I blamed my text editor for byte order marks (BOM). So, I found a neat script that searches for BOM files inside your root and recursively throughout the folders:

// Detect BOM sequence in a folder recursively
define('STR_BOM', "\xEF\xBB\xBF");
$file = null;
$directory = getcwd();

$rit = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($directory), RecursiveIteratorIterator::CHILD_FIRST);
try {
    foreach ($rit as $file) {
        if ($file->isFile()) {
            $path_parts = pathinfo($file->getRealPath());

            if ('php' == $path_parts['extension']) {
                $object = new SplFileObject($file->getRealPath());

                if (false !== strpos($object->getCurrentLine(), STR_BOM)) {
                    print $file->getRealPath()."\n";
} catch (Exception $e) {
    die ('Exception caught: '. $e->getMessage());

This piece of code is going into my upcoming plugin, WordPress Perfect Plugin. Heh, that’s a spoiler!

Subscribe to getButterfly Blog

Once a week or so we send an email with our best content. We never bug you, we just send you our latest piece of content.

If you found any value in this post, agree, disagree, or have anything to add - please do. I use comments as my #1 signal for what to write about. Read our comment policy before commenting! Comments such as "Thank you!", "Awesome!", "You're the man!" are either marked as spam or stripped from URL.

Leave a reply