The PAVISE of Security
By: notepad
    2006-07-28

    Table of Contents:
  • The PAVISE of Security
  • Privacy
  • Administration
  • Validation
  • Integrity
  • Sociology
  • Environment
  • Closing


    The PAVISE of Security - Administration


    (Page 3 of 8)

    You may or may not have administrative privileges for your particular environment, but either way it is still your job to know how certain things are configured. If you find something questionable, ask the sysadmin.

    Following are a few things you should be aware of regarding administration:

    Know Your php.ini

    By now just about everyone should know about the register_globals directive, which has been set to "Off" by default since PHP 4.2.0. With it on, every GET, POST and cookie parameter is injected into the global scope as an ordinary PHP variable before your script runs, so any variable your code forgets to initialize can be set from the query string. Leaving register_globals off is essential. A Google search for intitle:"phpinfo()" "register_globals On" clearly shows how many servers still ignore that advice. Overall, take the time to read through and become familiar with every directive your php.ini file has to offer.

    Safe mode is another popular one, and it should be ignored altogether: it was deprecated in PHP 5.3 and removed in PHP 5.4, and the same goes for register_globals (at the time of writing, both were slated for removal in what was then planned as PHP 6). Safe mode was a bad idea to begin with. It was intended to prevent problems on shared hosts (which will be discussed later in the "Environment" section), but it is architecturally wrong to try to solve that problem at the PHP level; it belongs at the OS level, with separate user accounts and file permissions. The restrictions safe mode imposes are not only annoying for a developer but pointless, since just about any other technology available on the server (CGI or Perl, for example) can be used to get around them.
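    As an added example (not code from the original article), the following script combines a startup guard for php.ini directives with the register_globals bug that the guard defends against. It assumes a hypothetical admin.php with helper functions check_login() and show_admin_panel(); the directive list is also an assumption, and it goes slightly beyond the article by including allow_url_include and display_errors alongside register_globals.

```php
<?php
// Added example, not code from the original article. check_login() and
// show_admin_panel() are assumed helpers of a hypothetical admin.php; the
// directive list below is an assumption as well.

// Directives that must be off before this application will serve a request.
// register_globals is the one discussed above; allow_url_include and
// display_errors are additional common footguns (not from the article).
const MUST_BE_OFF = ['register_globals', 'allow_url_include', 'display_errors'];

// ini_get() returns the raw php.ini value ("1", "On", "", "0", ...), so it is
// normalised with FILTER_VALIDATE_BOOLEAN before comparing. It returns false
// for a directive this PHP build no longer knows (register_globals and
// safe_mode were removed in 5.4), which counts as "off".
function unsafe_ini_directives(array $mustBeOff = MUST_BE_OFF): array
{
    $bad = [];
    foreach ($mustBeOff as $name) {
        $raw = ini_get($name);
        if ($raw !== false && filter_var($raw, FILTER_VALIDATE_BOOLEAN)) {
            $bad[$name] = $raw;
        }
    }
    return $bad;
}

$bad = unsafe_ini_directives();
if ($bad !== []) {
    // Fail closed: log the offending settings, never show them to the client.
    error_log('refusing to run with unsafe php.ini: ' . json_encode($bad));
    header('HTTP/1.1 503 Service Unavailable');
    exit;
}

// The bug. With register_globals=On, PHP turns every GET, POST and cookie
// parameter into a global variable before the script runs, so a request to
//   /admin.php?authorized=1
// starts execution with $authorized = "1". This vulnerable version never
// initialises $authorized on the failed-login path, so the attacker is in:
//
//   if (check_login($_POST['user'], $_POST['pass'])) {
//       $authorized = true;
//   }
//   if ($authorized) {          // attacker-controlled when login fails
//       show_admin_panel();
//   }
//
// Hardened: initialise every variable before use and read request data only
// from the superglobals. Then nothing in the query string can pre-set state,
// whatever php.ini says; the guard above is a second layer, not the fix.
$authorized = false;
$user = isset($_POST['user']) ? (string) $_POST['user'] : '';
$pass = isset($_POST['pass']) ? (string) $_POST['pass'] : '';
if (check_login($user, $pass)) {
    $authorized = true;
}
if ($authorized === true) {
    show_admin_panel();
}
```

    The guard is deliberately a second line of defence: the real fix is initializing variables and reading input only from $_GET, $_POST and $_COOKIE, which works regardless of how php.ini is configured on whatever host the code ends up on.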

    Limit Yourself with Database Privileges

    Assuming you're using MySQL, you should of course be using a limited MySQL user for your application; grant yourself only what you need to get the job done. For example, do you really need the DELETE privilege? You may think so, but you usually don't. It is much safer to mark a row as deleted and have a separate, privileged maintenance job clean it up later than it is to have your web-facing script delete rows directly. As an added bonus, if anyone manages to exploit your code to execute queries of their own, they are limited to the same privileges, so the damage is minimal compared to what could have happened with a full-privilege account. We'll talk more about how to prevent SQL injection in the "Validation" section.
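    As an added example (not code from the original article), here is the limited-account plus soft-delete pattern end to end: the GRANT for a web account without DELETE, the application code that marks rows instead of removing them, and what an injected DELETE gets back. The database name "app", the table "posts", the account "app_web" and its password are assumptions.

```php
<?php
// Added example, not code from the original article. Database name "app",
// table "posts", the account "app_web" and the password are assumptions.
//
// One-time setup, run once by a MySQL administrator, never by the web app:
//
//   CREATE USER 'app_web'@'localhost' IDENTIFIED BY 'change-me';
//   GRANT SELECT, INSERT, UPDATE ON app.* TO 'app_web'@'localhost';
//   -- deliberately no DELETE, DROP, ALTER, FILE or GRANT OPTION
//
//   CREATE TABLE posts (
//       id         INT AUTO_INCREMENT PRIMARY KEY,
//       title      VARCHAR(200) NOT NULL,
//       deleted_at DATETIME NULL      -- NULL = live, otherwise soft-deleted
//   );

function connect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=app;charset=utf8mb4',
        'app_web',
        'change-me',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
        ]
    );
}

// "Delete" a post by marking it. Nothing leaves the table, so a bug or an
// injected query cannot destroy data, and a mistake is undone by clearing
// deleted_at. Returns true only if a live row was marked.
function soft_delete_post(PDO $pdo, int $id): bool
{
    $stmt = $pdo->prepare(
        'UPDATE posts SET deleted_at = NOW() WHERE id = :id AND deleted_at IS NULL'
    );
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1;
}

// Every read path filters on deleted_at so marked rows vanish from the app.
function list_posts(PDO $pdo): array
{
    return $pdo
        ->query('SELECT id, title FROM posts WHERE deleted_at IS NULL ORDER BY id')
        ->fetchAll(PDO::FETCH_ASSOC);
}

// What a successful SQL injection (or a careless developer) gets with this
// account: MySQL refuses the statement with error 1142, "DELETE command
// denied to user 'app_web'@'localhost' for table 'posts'".
function attempt_hard_delete(PDO $pdo, int $id): string
{
    try {
        $stmt = $pdo->prepare('DELETE FROM posts WHERE id = :id');
        $stmt->execute([':id' => $id]);
        return 'unexpected: DELETE succeeded, check the GRANTs';
    } catch (PDOException $e) {
        return 'denied: ' . $e->getMessage();
    }
}

// Physical cleanup is a separate maintenance job run from cron with a
// different, privileged account (e.g. app_maint holding DELETE on app.posts):
//   DELETE FROM posts WHERE deleted_at < NOW() - INTERVAL 30 DAY;
```

    The same principle extends to the other statement types: if the application never creates tables or reads files, the account should not hold CREATE, DROP or FILE either, and a separate account with a minimal grant set runs migrations and cleanup.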

    Always Update and Make Backups

    It's true that updating PHP may very well break your code (depending on how well you follow standards), but updates fix vulnerabilities, which makes them pretty darn important. It's not a bad idea to have a test environment set up so that you can see what will happen and correct any problems before they affect your users. Automatic, regular backups should also go without saying: you should always be able to roll back if something goes wrong, and a backup you have never tried restoring is not a backup. There is a plethora of software and other tools available to assist you with such things. You could also script the backup process yourself and run it periodically as a cron job or scheduled task.
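    As an added example (not code from the original article), the following PHP CLI script is the sort of thing you would run from cron: it dumps the database with credentials kept out of the process list, checks that the dump actually succeeded and is readable, and prunes old copies. All paths, the database name, the account name and the retention period are assumptions.

```php
<?php
// Added example, not code from the original article: a database backup
// script meant to run from cron, e.g.
//   0 3 * * * /usr/bin/php /opt/app/backup.php
// All paths, the database name and the retention period are assumptions.

// Credentials go in a root-owned, mode 0600 option file, not on the command
// line, where `ps` would show the password to every user on the box:
//   [client]
//   user=app_backup
//   password=...
// The app_backup account only needs SELECT and LOCK TABLES on the database.
const DEFAULTS_FILE = '/etc/app/backup.cnf';
const BACKUP_DIR    = '/var/backups/app';
const DATABASE      = 'app';
const KEEP_DAYS     = 14;

// Dump the database to a timestamped, gzipped file and return its path.
// Throws on any failure so cron mails the error instead of an empty file
// being written silently every night.
function run_backup(string $database, string $dir, string $defaultsFile): string
{
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create backup dir $dir");
    }
    $sql = sprintf('%s/%s-%s.sql', $dir, $database, date('Ymd-His'));

    // --defaults-extra-file must be the first option; --single-transaction
    // gives a consistent InnoDB snapshot without locking the live tables.
    $cmd = sprintf(
        'mysqldump --defaults-extra-file=%s --single-transaction --result-file=%s %s 2>&1',
        escapeshellarg($defaultsFile),
        escapeshellarg($sql),
        escapeshellarg($database)
    );
    $output = [];
    exec($cmd, $output, $status);
    if ($status !== 0 || !is_file($sql) || filesize($sql) < 100) {
        @unlink($sql);
        throw new RuntimeException("mysqldump failed ($status): " . implode("\n", $output));
    }

    $output = [];
    exec('gzip -f ' . escapeshellarg($sql), $output, $status);
    $gz = $sql . '.gz';
    if ($status !== 0 || !is_file($gz)) {
        throw new RuntimeException("gzip failed ($status)");
    }

    // Cheap integrity check of the archive; a real restore into the test
    // environment is still the only proof that the backup is usable.
    $output = [];
    exec('gzip -t ' . escapeshellarg($gz), $output, $status);
    if ($status !== 0) {
        throw new RuntimeException("backup $gz is corrupt");
    }
    chmod($gz, 0600);
    return $gz;
}

// Remove dumps older than the retention period; returns the deleted paths.
function prune_backups(string $database, string $dir, int $keepDays): array
{
    $removed = [];
    $cutoff  = time() - $keepDays * 86400;
    foreach (glob(sprintf('%s/%s-*.sql.gz', $dir, $database)) ?: [] as $file) {
        if (filemtime($file) < $cutoff && unlink($file)) {
            $removed[] = $file;
        }
    }
    return $removed;
}

$latest = run_backup(DATABASE, BACKUP_DIR, DEFAULTS_FILE);
prune_backups(DATABASE, BACKUP_DIR, KEEP_DAYS);
echo "backup written to $latest\n";
```

    Two checks matter more than the rest of the script: the non-zero exit status and minimum-size test after mysqldump, because a misconfigured cron job otherwise produces a perfectly rotated set of empty files, and copying the resulting archive off the host, since a backup on the same disk as the database does not survive the failures you most need it for.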

    © 2003-2012 by Developer Shed. All rights reserved.