Hy martinco,
Normally configuration files use variables, language files arrays and defines are left for more "constant" things like paths.
Some other tips to add to the previous post:
- Don't use "include" or "require" ... always use include_once or require_once ( require is to be used when you want to application to send a Fatal Error if the file does not exist )
- Beware invalid $GLOBALS patterns ( like _post, _get, etc... ). I personally use a function like the one posted bellow to help identify this kinda "exploit" attempts
Code: Select all
function clean( $array ) {
static $banned = array( '_cookie' , '_env' , '_files' , '_get' , '_post' , '_request' , '_server' , '_session' , 'globals' );
foreach( $array AS $key=>$value ) {
$notAllowed = in_array( strtolower( $key ) , $banned ); // PHP GLOBALS injection bug
if( $notAllowed ) die( 'Invalid pattern in global array' );
}
}
Personally, I use classes to create the configuration, this way I can access them anywhere I need by simply doing a class::getValue( variableName );
Example
Code: Select all
class config {
var $db_user = "bla";
function getValue( $var , $default ) {
$result = $default;
if( isset( $this->$var ) ) $result = $this->$var;
return $result;
}
}
and calling the configuration items like
Code: Select all
$var = config::getValue( 'db_user' , 'root' );
This is a suggestion, some may disagree other agree... but I believe it can help if the configuration variables are values and not expressions.
Best regards,
Miguel Simões