127

I want to create a config file for my PHP project, but I'm not sure what the best way to do this is.

I have 3 ideas so far.

1-Use Variable

$config['hostname'] = "localhost";
$config['dbuser'] = "dbuser";
$config['dbpassword'] = "dbpassword";
$config['dbname'] = "dbname";
$config['sitetitle'] = "sitetitle";

2-Use Const

define('DB_NAME', 'test');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');
define('TITLE', 'sitetitle');

3-Use Database

I will be using the config in classes so I'm not sure which way would be the best or if there is a better way.

Ali Akbar Azizi
  • 3,272
  • 3
  • 25
  • 44
  • 14
    4) Use an ini file. 5) Use a YAML file. 6) Use a JSON file. 7) ... There are so many ways... Define some criteria to judge against at least, there's no overall "best". – deceze Feb 07 '13 at 13:42
  • @deceze what is the fasted way ? ( memory and fast ) – Ali Akbar Azizi Feb 07 '13 at 13:43
  • This should be an interesting read for you then: http://stackoverflow.com/questions/823352/my-config-ini-vs-my-config-php – eithed Feb 07 '13 at 13:50
  • 1
    I use the way Laravel does it (when not using Laravel that is). I create a class that loads a specific config file depending on the host name. I then call it by using `Config::get('key');`. http://pastebin.com/4iTnjEuM – MisterBla Feb 09 '15 at 22:11

15 Answers15

261

One simple but elegant way is to create a config.php file (or whatever you call it) that just returns an array:

<?php

return array(
    'host' => 'localhost',
    'username' => 'root',
);

And then:

$configs = include('config.php');
Hugo Mota
  • 11,200
  • 9
  • 42
  • 60
  • 15
    I like this method also - I think it's cleaner than just declaring a variable in an included file and assuming it'll be there in your script – Colin M Feb 07 '13 at 13:45
  • 3
    Where is in this answer method of creating config file? For php novice like me? – Luka Feb 22 '17 at 17:18
  • @Luka You can use [var_export](http://php.net/manual/en/function.var-export.php) function. – Hasan Bayat Sep 30 '17 at 12:25
  • One great advantage of using this is that u can easily update the config file based on user custom configuration like this `$config = include 'config.php';` and then update the value `$config['host']= 'somethingelse';` and afterward `file_put_contents('config.php', ''); ` now the new host configuration is updated and saved in config file. – Saghachi Feb 10 '23 at 12:06
101

Use an INI file is a flexible and powerful solution! PHP has a native function to handle it properly. For example, it is possible to create an INI file like this:

app.ini

[database]
db_name     = mydatabase
db_user     = myuser
db_password = mypassword

[application]
app_email = mailer@myapp.com
app_url   = myapp.com

So the only thing you need to do is call:

$ini = parse_ini_file('app.ini');

Then you can access the definitions easily using the $ini array.

echo $ini['db_name'];     // mydatabase
echo $ini['db_user'];     // myuser
echo $ini['db_password']; // mypassword
echo $ini['app_email'];   // mailer@myapp.com

IMPORTANT: For security reasons the INI file must be in a non public folder

Marcio Mazzucato
  • 8,841
  • 9
  • 64
  • 79
  • 1
    Is this also safe to use? If a user would guess the path to the ini file, and goes there in their browser, would they see what's in the file? – NickGames Apr 04 '16 at 10:01
  • 2
    @NickGames, You must put the file in a non public folder, otherwise you will be under a serious security risk – Marcio Mazzucato Apr 06 '16 at 13:44
  • 2
    @NickGames, please look at the 1 comment in [Docs of parse_ini_file()](http://php.net/manual/en/function.parse-ini-file.php#99474) – R Picheta Sep 23 '16 at 12:04
  • its hard to write ini files in shared hostings. – danny Jul 29 '17 at 21:25
  • @danny, I already used INI file in shared hostings and it was very easy. Maybe you misunderstood something. – Marcio Mazzucato Jul 31 '17 at 18:28
  • @MarcioMazzucato I had problems while writing on godaddy. Reading is possible but writting ini files was not working. – danny Aug 16 '17 at 21:40
  • 29
    I like this approach. Bonus tip: Rename the file to app.ini.php. Then add to the first line `;`. In case this file accidentally appears in a public folder, it will be treated as PHP file and die at first line. If the file is read with `parse_ini_file`, it will treat the first line as a comment because of the `;`. – andreas Dec 24 '18 at 00:14
  • 2
    Note: If a value in the ini file contains any __non-alphanumeric__ characters it needs to be enclosed in __double-quotes__ (`"`). For example, any password contains non-alphanumeric characters. – Key Shang Jul 24 '19 at 02:36
  • I don't understand why you would bother doing this rather than just defining variables or constants in PHP. Seems like you end up with the exact same result, with no need to waste time/memory/CPU parsing anything. also it doesn't have the additional security concern of possibly leaking config settings if someone were to leave it in a public folder. Maybe if you need PHP and another app to both access the file it might make sense, but that seems like it would be a rather rare edge case. – cantsay Sep 02 '22 at 01:54
31

I use a slight evolution of @hugo_leonardo 's solution: 

<?php

return (object) array(
    'host' => 'localhost',
    'username' => 'root',
    'pass' => 'password',
    'database' => 'db'
);

?>

This allows you to use the object syntax when you include the php : $configs->host instead of $configs['host'].

Also, if your app has configs you need on the client side (like for an Angular app), you can have this config.php file contain all your configs (centralized in one file instead of one for JavaScript and one for PHP). The trick would then be to have another PHP file that would echo only the client side info (to avoid showing info you don't want to show like database connection string). Call it say get_app_info.php :

<?php

    $configs = include('config.php');
    echo json_encode($configs->app_info);

?>

The above assuming your config.php contains an app_info parameter:

<?php

return (object) array(
    'host' => 'localhost',
    'username' => 'root',
    'pass' => 'password',
    'database' => 'db',
    'app_info' => array(
        'appName'=>"App Name",
        'appURL'=> "http://yourURL/#/"
    )
);

?>

So your database's info stays on the server side, but your app info is accessible from your JavaScript, with for example a $http.get('get_app_info.php').then(...); type of call.

Community
  • 1
  • 1
BoDeX
  • 846
  • 8
  • 18
  • why make it a object? – TheCrazyProfessor Mar 09 '17 at 21:37
  • 4
    Making it an object makes the handling of the data a lot easier. It allows for example to get all `app_info` parameters to the JavaScript as a JSON with minimum lines of code. – BoDeX Mar 15 '17 at 15:42
  • Objects also have a side-effect of being passed by reference since PHP 5. It may or may not be a good thing. Arrays are passed by value (but implemented as COW) so it might be better to use config arrays instead of config objects. – Mikko Rantalainen Nov 14 '17 at 12:29
  • @BoDeX i like this way always and seems to be the favored approach in most articles, but how would i access this via class? I read in security article that creating global variables isnt a good idea so what do you suggest? – Kevlwig Feb 11 '18 at 01:14
25

The options I see with relative merits / weaknesses are:

File based mechanisms

These require that your code look in specific locations to find the ini file. This is a difficult problem to solve and one which always crops up in large PHP applications. However you will likely need to solve the problem in order to find the PHP code which gets incorporated / re-used at runtime.

Common approaches to this are to always use relative directories, or to search from the current directory upwards to find a file exclusively named in the base directory of the application.

Common file formats used for config files are PHP code, ini formatted files, JSON, XML, YAML and serialized PHP

PHP code

This provides a huge amount of flexibility for representing different data structures, and (assuming it is processed via include or require) the parsed code will be available from the opcode cache - giving a performance benefit.

The include_path provides a means for abstracting the potential locations of the file without relying on additional code.

On the other hand, one of the main reasons for separating configuration from code is to separate responsibilities. It provides a route for injecting additional code into the runtime.

If the configuration is created from a tool, it may be possible to validate the data in the tool, but there is no standard function to escape data for embedding into PHP code as exists for HTML, URLs, MySQL statements, shell commands....

Serialized data This is relatively efficient for small amounts of configuration (up to around 200 items) and allows for use of any PHP data structure. It requires very little code to create/parse the data file (so you can instead expend your efforts on ensuring that the file is only written with appropriate authorization).

Escaping of content written to the file is handled automatically.

Since you can serialize objects, it does create an opportunity for invoking code simply by reading the configuration file (the __wakeup magic method).

Structured file

Storing it as a INI file as suggested by Marcel or JSON or XML also provides a simple api to map the file into a PHP data structure (and with the exception of XML, to escape the data and create the file) while eliminating the code invocation vulnerability using serialized PHP data.

It will have similar performance characteristics to the serialized data.

Database storage

This is best considered where you have a huge amount of configuration but are selective in what is needed for the current task - I was surprised to find that at around 150 data items, it was quicker to retrieve the data from a local MySQL instance than to unserialize a datafile.

OTOH its not a good place to store the credentials you use to connect to your database!

The execution environment

You can set values in the execution environment PHP is running in.

This removes any requirement for the PHP code to look in a specific place for the config. OTOH it does not scale well to large amounts of data and is difficult to change universally at runtime.

On the client

One place I've not mentioned for storing configuration data is at the client. Again the network overhead means that this does not scale well to large amounts of configuration. And since the end user has control over the data it must be stored in a format where any tampering is detectable (i.e. with a cryptographic signature) and should not contain any information which is compromised by its disclosure (i.e. reversibly encrypted).

Conversely, this has a lot of benefits for storing sensitive information which is owned by the end user - if you are not storing this on the server, it cannot be stolen from there.

Network Directories Another interesting place to store configuration information is in DNS / LDAP. This will work for a small number of small pieces of information - but you don't need to stick to 1st normal form - consider, for example SPF.

The infrastucture supports caching, replication and distribution. Hence it works well for very large infrastructures.

Version Control systems

Configuration, like code should be managed and version controlled - hence getting the configuration directly from your VC system is a viable solution. But often this comes with a significant performance overhead hence caching may be advisable.

Ali Akbar Azizi
  • 3,272
  • 3
  • 25
  • 44
symcbean
  • 47,736
  • 6
  • 59
  • 94
6

Well - it would be sort of difficult to store your database configuration data in a database - don't ya think?

But really, this is a pretty heavily opinionated question because any style works really and it's all a matter of preference. Personally, I'd go for a configuration variable rather than constants - generally because I don't like things in the global space unless necessary. None of the functions in my codebase should be able to easily access my database password (except my database connection logic) - so I'd use it there and then likely destroy it.

Edit: to answer your comment - none of the parsing mechanisms would be the fastest (ini, json, etc) - but they're also not the parts of your application that you'd really need to focus on optimizing since the speed difference would be negligible on such small files.

Colin M
  • 13,010
  • 3
  • 38
  • 58
4

You can create a config class witch static properties

class Config 
{
    static $dbHost = 'localhost';
    static $dbUsername = 'user';
    static $dbPassword  = 'pass';
}

then you can simple use it:

Config::$dbHost

Sometimes in my projects I use a design pattern SINGLETON to access configuration data. It's very comfortable in use.

Why?

For example you have 2 data source in your project. And you can choose witch of them is enabled.

  • mysql
  • json

Somewhere in config file you choose:

$dataSource = 'mysql' // or 'json'

When you change source whole app shoud switch to new data source, work fine and dont need change in code.

Example:

Config:

class Config 
{
  // ....
  static $dataSource = 'mysql';
  / .....
}

Singleton class:

class AppConfig
{
    private static $instance;
    private $dataSource;

    private function __construct()
    {
        $this->init();
    }

    private function init()
    {
        switch (Config::$dataSource)
        {
            case 'mysql':
                $this->dataSource = new StorageMysql();
                break;
            case 'json':
                $this->dataSource = new StorageJson();
                break;
            default:
                $this->dataSource = new StorageMysql();
        }
    }

    public static function getInstance()
    {
        if (empty(self::$instance)) {
            self::$instance = new self();
        }
        return self::$instance;
    }

    public function getDataSource()
    {
        return $this->dataSource;
    }
}

... and somewhere in your code (eg. in some service class):

$container->getItemsLoader(AppConfig::getInstance()->getDataSource()) // getItemsLoader need Object of specific data source class by dependency injection

We can obtain an AppConfig object from any place in the system and always get the same copy (thanks to static). The init () method of the class is called In the constructor, which guarantees only one execution. Init() body checks The value of the config $dataSource, and create new object of specific data source class. Now our script can get object and operate on it, not knowing even which specific implementation actually exists.

Sebastian Skurnóg
  • 161
  • 1
  • 3
2

Define will make the constant available everywhere in your class without needing to use global, while the variable requires global in the class, I would use DEFINE. but again, if the db params should change during program execution you might want to stick with variable.

phpalix
  • 679
  • 4
  • 8
  • what is the fastet way to execute the php? const or var ? – Ali Akbar Azizi Feb 07 '13 at 13:46
  • 1
    @CooPer Defining constants is significantly slower than defining variables. But using them is slightly quicker. Since these are going to be used in one place, variables would overall offer higher performance. – Colin M Feb 07 '13 at 13:48
  • "Significantly" is a bit heavy word for that, if you would be looking at it this way, maybe you should contact the php dev guys and ask them to remove the constant support! – phpalix Feb 07 '13 at 13:54
  • @phpalix Defining a constant can be anywhere from 10-20x slower than defining a variable with the same value. I'd say that's significant. However, if you use the constant heavily throughout your application - it may very well pay off. But creating a constant to use it once is not advised. – Colin M Feb 07 '13 at 14:14
2

If you think you'll be using more than 1 db for any reason, go with the variable because you'll be able to change one parameter to switch to an entirely different db. I.e. for testing , autobackup, etc.

trigun0x2
  • 233
  • 3
  • 13
1

Here is my way.

    <?php

    define('DEBUG',0);

    define('PRODUCTION',1);



    #development_mode : DEBUG / PRODUCTION

    $development_mode = PRODUCTION;



    #Website root path for links

    $app_path = 'http://192.168.0.234/dealer/';



    #User interface files path

    $ui_path = 'ui/';

    #Image gallery path

    $gallery_path = 'ui/gallery/';


    $mysqlserver = "localhost";
    $mysqluser = "root";
    $mysqlpass = "";
    $mysqldb = "dealer_plus";

   ?>

Any doubts please comment

Alok Rajasukumaran
  • 381
  • 1
  • 5
  • 20
1

One of the simplest form to use config with multiple files is like this:

Files hierarchy:

config
 - mail.php
 - database.php

mail.php

return [
'smtp_debug' => 0,
];

A helper function:

function config($configFilename, $key)
{
    $path = sprintf("config/%s.php", $configFilename);
    if (file_exists($path)) {
        $config = include sprintf("config/%s.php", $configFilename);
        if (isset($config[$key])) {
            return $config[$key];
        }
    }
    return '';
}

And you can call it in elegant way:

config('mail','smtp_debug')
Leotrim Lota
  • 61
  • 4
  • I don't think this is a good idea at all, it include the config time each time you call the function, so if I need 10 config parameter i need to load one of the config file 10 times – Ali Akbar Azizi May 21 '23 at 22:26
0

I normally end up creating a single conn.php file that has my database connections. Then i include that file in all files that require database queries.

Mihir Chhatre
  • 443
  • 5
  • 14
0

What about something like this ?

class Configuration
{

    private $config;

    
    public function __construct($configIniFilePath)
    {
        $this->config = parse_ini_file($configIniFilePath, true);
    }

    /**
     * Gets the value for the specified setting name.
     *
     * @param string $name the setting name
     * @param string $section optional, the name of the section containing the
     *     setting
     * @return string|null the value of the setting, or null if it doesn't exist
     */
    public function getConfiguration($name, $section = null)
    {
        $configValue = null;

        if ($section === null) {
            if (array_key_exists($name, $this->config)) {
                $configValue = $this->config[$name];
            }
        } else {
            if (array_key_exists($section, $this->config)) {
                $sectionSettings = $this->config[$section];
                if (array_key_exists($name, $sectionSettings)) {
                    $configValue = $sectionSettings[$name];
                }
            }
        }

        return $configValue;
    }
}
Ahmed Abdelhak
  • 239
  • 3
  • 7
0

if i have a config file like config.conf (it can be htttp://example.com/config.conf)

user=cacom
version = 2021608
status= true

this is my function:

function readFileConfig($UrlOrFilePath){

    $lines = file($UrlOrFilePath);
    $config = array();
    
    foreach ($lines as $l) {
        preg_match("/^(?P<key>.*)=(\s+)?(?P<value>.*)/", $l, $matches);
        if (isset($matches['key'])) {
            $config[trim($matches['key'])] = trim($matches['value']);
        }
    }

    return $config;
}

we can use:

$urlRemote = 'http://example.com/default-config.conf';
$localConfigFile = "/home/domain/public_html/config.conf";
$localConfigFile2 = "config.conf";

print_r(readFileConfig($localConfigFile2));
print_r(readFileConfig($localConfigFile));
print_r(readFileConfig($urlRemote));
Hoàng Vũ Tgtt
  • 1,863
  • 24
  • 8
0

You can use this simple one:

define('someprop', 0);

and

echo someprop; // output 0

Ian
  • 74
  • 7
-1

Here it is

<?php
$server = "localhost";
$username = "root";
$password = "";
$db = "your_db_name";


$conn = mysqli_connect($server, $username, $password, $db);

if(!$conn){
   die('Error in connecting to server or Database');
 }
?>
neel_G_ji
  • 17
  • 2