What is the best way to store configuration variables in PHP?

alex picture alex · Feb 27, 2009 · Viewed 10.5k times · Source

I need to store a bunch of configuration information in PHP.

I have considered the following....

// Doesn't seem right.
$mysqlPass = 'password'; 

// Seems slightly better.
$config = array(
     'mysql_pass' => 'password'
);

// Seems dangerous having this data accessible by anything. but it can't be
// changed via this method.
define('MYSQL_PASSWORD', 'password'); 

// Don't know if this is such a good idea.
class Config
{
    const static MYSQL_PASSWORD = 'password';
}     

This is all I have thought of so far. I intend to import this configuration information into my application with require /config.inc.php.

What works for you with regard to storing configuration data, and what are best practices concerning this?

Answer

William Holroyd picture William Holroyd · Feb 27, 2009

I've always gone with option #2 and just ensure that no one but the owner has ANY sort of access to it. It's the most popular method among PHP applications like Joomla, vBulletin, Gallery, and numerous others.

First method is too messy to me (readability) and the third is WAY too dangerous to do. I've never thought about the Class method, so someone else can provide their input on that one. But I guess it's fine so long as the right access is used on the class' usage.


Example..

define('EXAMPLE1', "test1"); // scenario 1
$example2 = "test2"; // scenario 2

function DealWithUserInput($input)
{
   return eval($input);
}

Now this example of code is really dumb, but just an example. Consider what could be returned by the function depending on which scenario the user could try to use in their input.

Scenario 2 would only cause an issue if you made it a global within the function. Otherwise it's out of scope and unreachable.