What ways would you utilize CONSTANTS in php

Question

Starting my ventures in PHP. I am wondering when it would be best to use constants? I feel like it could be used for security reasons:

Do programmers use them for security purposes? and if so in what ways?

Answer 1

Constants are really helpful while writing a PHP application. From writing queries to logic you can make a good use of constants. I would classify their use as following:

• Using a value throughout the code:- Lets say you have a system of active and inactive elements a nd you represent them as 1 and 0. Now you use it in your logic in many files. Tommorow you want to change the values of Active an Inactive. Now if you have not made it as a constants you would go to each and every file using them and change there otherwise just changing the constants would do.

• For hiding inner details:- Sometimes, we do not want to reveal even if the code is exposed that what is the logic. Like this statement if a bit hard to decode:

  if($status==ACTIVE) than if($status==1)

• Maintainability:- You have a new developer in your team and he is undergoing code study. Now its easy for him to understand the things as well.

There may be a few points i may be missing but i guess this tells the importance of constants.

Answer 2

No, They don't use it for security reasons.

Constants are same here as in Math,

• In variables you save values and you keep changing it according to needs.
• In constants you save value and you keep it unchanged through out the application/script/flow

For Example: You can save any API Key, like Google-Analytic's key, or any default values such as some API's url, etc.

For more have a look at docs http://us3.php.net/constant

Hope this answers your question

Answer 3

I totally agree with Sankalp Mishra's answer! Let me give you one example where i used constants in my recent works. I've been working on lots of API's and one such is the Google Places API.

Google API's response contains a field called status which have the following values:

OK indicates that no errors occurred; the place was successfully detected and at least one result was returned.
UNKNOWN_ERROR indicates a server-side error; trying again may be successful.
ZERO_RESULTS indicates that the reference was valid but no longer refers to a valid result. This may occur if the establishment is no longer in business.
OVER_QUERY_LIMIT indicates that you are over your quota.
REQUEST_DENIED indicates that your request was denied, generally because of lack of a sensor parameter.
INVALID_REQUEST generally indicates that the query (reference) is missing.
NOT_FOUND indicates that the referenced location was not found in the Places database.

I created a class containing all the Google constats this way :

<?php 

class GooglePlacesCallStatus {

    const STATUS_OK = 'OK';
    const STATUS_ZERO_RESULTS = 'ZERO_RESULTS';
    const STATUS_OVER_QUERY_LIMIT = 'OVER_QUERY_LIMIT';
    const STATUS_REQUEST_DENIED = 'REQUEST_DENIED';
    const STATUS_INVALID_REQUEST = 'INVALID_REQUEST';
    const STATUS_UNKNOWN_ERROR = 'UNKNOWN_ERROR';
    const STATUS_NOT_FOUND = 'NOT_FOUND';

}

?>

This helped me to match the constants from the class to the response status value and accordingly do the necessary process or handle errors. This becomes very easy and helps you avoid unnecessary values to be used in code and helps readability.

Answer 4

My opinion is that constants in PHP are no different than constants in other programming languages. They are best used to provide "constant" values like "magic" numbers used in equations. Certainly something like:

define('PI', 3.14);
$radius = 11;
$area = PI * $radius * $radius;

Makes for some nice, self documenting code. It's especially valuable if you're using that constant in many different places, so that if you decide to change the constant to 3.14159, then you only have to do it in that define.

With that said, php constants have some drawbacks to them.

For example, you can't interpolate them in a string like you can a regular variable, so most people avoid string constants for that reason.

They also are globals, and it's not all that great to have tons of global constants floating around all the time, not to mention the organizational hassle of having to include or require a file that contains these constant definitions whenever you need to use them. In the era of PSR-0, component libraries and autoloaders, constants are a hassle.

I also don't find a security argument that compelling. Yes, constants can not be changed once they are defined, however, that doesn't make a constant any less likely to be exposed than a regular variable. Most libraries will opt for a configuration file that perhaps contains an array or singleton object with database credentials, rather than a bunch of ugly looking constants like DB_USERNAME, DB_PASSWORD, DB_NAME etc., and these constants have to be named with some sort of convention in order for you to figure out where they go, and what they represent.

If you really do have a magic number or constant numeric value, then I'd consider using a php constant, but I think you'll find that they are often cumbersome and more trouble than they're worth most of the time.