在PHP中存储配置变量的最佳方法是什么?

时间:2022-12-27 20:09:59

I need to store a bunch of configuration information in PHP.

我需要在PHP中存储一堆配置信息。

I have considered the following....

我考虑过以下......

// Doesn't seem right.
$mysqlPass = 'password'; 

// Seems slightly better.
$config = array(
     'mysql_pass' => 'password'
);

// Seems dangerous having this data accessible by anything. but it can't be
// changed via this method.
define('MYSQL_PASSWORD', 'password'); 

// Don't know if this is such a good idea.
class Config
{
    const static MYSQL_PASSWORD = 'password';
}     

This is all I have thought of so far. I intend to import this configuration information into my application with require /config.inc.php.

到目前为止,这是我所想到的。我打算使用require /config.inc.php将此配置信息导入我的应用程序。

What works for you with regard to storing configuration data, and what are best practices concerning this?

什么对存储配置数据有用,有什么最佳实践?

4 个解决方案

#1


7  

I've always gone with option #2 and just ensure that no one but the owner has ANY sort of access to it. It's the most popular method among PHP applications like Joomla, vBulletin, Gallery, and numerous others.

我总是选择#2选项,只是确保除了拥有者之外没有人可以访问它。它是Joomla,vBulletin,Gallery等众多PHP应用程序中最受欢迎的方法。

First method is too messy to me (readability) and the third is WAY too dangerous to do. I've never thought about the Class method, so someone else can provide their input on that one. But I guess it's fine so long as the right access is used on the class' usage.

第一种方法对我来说太乱了(可读性),第三种方法太危险了。我从来没有想过Class方法,所以其他人可以提供他们的输入。但是我觉得只要在课堂上使用正确的访问权限就可以了。


Example..

例..

define('EXAMPLE1', "test1"); // scenario 1
$example2 = "test2"; // scenario 2

function DealWithUserInput($input)
{
   return eval($input);
}

Now this example of code is really dumb, but just an example. Consider what could be returned by the function depending on which scenario the user could try to use in their input.

现在这个代码示例真的很愚蠢,但只是一个例子。考虑函数可以返回的内容,具体取决于用户可以尝试在其输入中使用的场景。

Scenario 2 would only cause an issue if you made it a global within the function. Otherwise it's out of scope and unreachable.

如果您在函数中将其设置为全局,则场景2只会导致问题。否则它超出范围且无法访问。

#2


4  

I'd say it also depends of userbase a bit. If configurations has to be very user friendly or user has to have ability to change config via web etc.

我要说它还取决于用户基础。如果配置必须非常用户友好,或者用户必须能够通过网络等更改配置。

I use Zend Config Ini for this and other settings are stored in SQL DB.

我使用Zend Config Ini进行此操作,其他设置存储在SQL DB中。

#3


1  

I generally use the second method... When handling database connections I generally open a connection at the beginning of the request, then close it at the end. I have a function that establishes the connection, then removes the username/password from the global array (with the unset() function), This prevents other parts of the system from accessing the "sensitive" mysql connection data.

我通常使用第二种方法......当处理数据库连接时,我通常在请求开始时打开一个连接,然后在结束时关闭它。我有一个建立连接的函数,然后从全局数组中删除用户名/密码(使用unset()函数),这可以防止系统的其他部分访问“敏感”的mysql连接数据。

#4


0  

I'm also with option 2 for most config values. If you were going to implement the Class then I would tie the specific values to the Class that it affects instead of a general config Class.

对于大多数配置值,我也使用选项2。如果您要实现Class,那么我会将特定值绑定到它影响的Class而不是一般的配置类。

In your example, your Class would be for database connections and an instance would save the password, db_name, etc. This would encapsulate the data properly and also provide an easy means to create multiple connections if that was ever needed.

在您的示例中,您的类将用于数据库连接,并且实例将保存密码,db_name等。这将正确封装数据,并且如果需要,还提供创建多个连接的简单方法。

#1


7  

I've always gone with option #2 and just ensure that no one but the owner has ANY sort of access to it. It's the most popular method among PHP applications like Joomla, vBulletin, Gallery, and numerous others.

我总是选择#2选项,只是确保除了拥有者之外没有人可以访问它。它是Joomla,vBulletin,Gallery等众多PHP应用程序中最受欢迎的方法。

First method is too messy to me (readability) and the third is WAY too dangerous to do. I've never thought about the Class method, so someone else can provide their input on that one. But I guess it's fine so long as the right access is used on the class' usage.

第一种方法对我来说太乱了(可读性),第三种方法太危险了。我从来没有想过Class方法,所以其他人可以提供他们的输入。但是我觉得只要在课堂上使用正确的访问权限就可以了。


Example..

例..

define('EXAMPLE1', "test1"); // scenario 1
$example2 = "test2"; // scenario 2

function DealWithUserInput($input)
{
   return eval($input);
}

Now this example of code is really dumb, but just an example. Consider what could be returned by the function depending on which scenario the user could try to use in their input.

现在这个代码示例真的很愚蠢,但只是一个例子。考虑函数可以返回的内容,具体取决于用户可以尝试在其输入中使用的场景。

Scenario 2 would only cause an issue if you made it a global within the function. Otherwise it's out of scope and unreachable.

如果您在函数中将其设置为全局,则场景2只会导致问题。否则它超出范围且无法访问。

#2


4  

I'd say it also depends of userbase a bit. If configurations has to be very user friendly or user has to have ability to change config via web etc.

我要说它还取决于用户基础。如果配置必须非常用户友好,或者用户必须能够通过网络等更改配置。

I use Zend Config Ini for this and other settings are stored in SQL DB.

我使用Zend Config Ini进行此操作,其他设置存储在SQL DB中。

#3


1  

I generally use the second method... When handling database connections I generally open a connection at the beginning of the request, then close it at the end. I have a function that establishes the connection, then removes the username/password from the global array (with the unset() function), This prevents other parts of the system from accessing the "sensitive" mysql connection data.

我通常使用第二种方法......当处理数据库连接时,我通常在请求开始时打开一个连接,然后在结束时关闭它。我有一个建立连接的函数,然后从全局数组中删除用户名/密码(使用unset()函数),这可以防止系统的其他部分访问“敏感”的mysql连接数据。

#4


0  

I'm also with option 2 for most config values. If you were going to implement the Class then I would tie the specific values to the Class that it affects instead of a general config Class.

对于大多数配置值,我也使用选项2。如果您要实现Class,那么我会将特定值绑定到它影响的Class而不是一般的配置类。

In your example, your Class would be for database connections and an instance would save the password, db_name, etc. This would encapsulate the data properly and also provide an easy means to create multiple connections if that was ever needed.

在您的示例中,您的类将用于数据库连接,并且实例将保存密码,db_name等。这将正确封装数据,并且如果需要,还提供创建多个连接的简单方法。