config.php file to hold db conection information

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
martinco
Forum Newbie
Posts: 18
Joined: Mon Jun 25, 2007 10:06 pm
Location: Costa Rica

config.php file to hold db conection information

Post by martinco »

hi!

i'm starting to deal with php+mysql, so i think this is a simple question for you.

i'm scripting a very simple chat for a website, using ajax, php, and mysql. i have a _install.php file that asks the user for some information: db name, db user, db password, etc.

I wanted you to help me and recommend how should i write a configuration file (config.php) and how to read it to obtain the information. i want to hear your ideas :wink: Are there some "good practices", design patterns, standards?

thanks!

"Pura Vida!"
Last edited by martinco on Tue Jul 03, 2007 7:37 pm, edited 1 time in total.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Ooh, this is an interesting topic. Some tricks:

- Make sure you authenticate the user before doing anything. Generally, DB credentials work well for this purpose
- Keep it simple. Ideally, you shouldn't need to bootstrap the application to install it.
- Check for: PHP version, database support, magic quotes (especially the more vicious subvariants like sybase and runtime), register globals, and anything else your application might need
- If writing a PHP configuration file, make sure you escape your variables properly. Something like (this is from MediaWiki):

Code: Select all

function escapePhpString( $string ) {
	return strtr( $string,
		array(
			"\n" => "\\n",
			"\r" => "\\r",
			"\t" => "\\t",
			"\\" => "\\\\",
			"\$" => "\\\$",
			"\"" => "\\\""
		));
}
Works well.

- Add docs to the config file so users can change things later on
- Put the schemas in .sql files and have the installer load them up

Hmm... that's all I can think of for now.
User avatar
martinco
Forum Newbie
Posts: 18
Joined: Mon Jun 25, 2007 10:06 pm
Location: Costa Rica

Post by martinco »

let's say i want to have a separate file called "config.php" to hold all the necesary values for making the mysql connection.
how this file look like? should i use define? variables?

and how should y access that values from other file? with include, request, etc ?

i'm a newbie in this.

thankx
User avatar
undecided name 01
Forum Newbie
Posts: 12
Joined: Mon Jul 02, 2007 9:25 am
Contact:

Yep!

Post by undecided name 01 »

Once you get the db-account information from the user,
you can generate your "config.inc.php" at run-time or
fill-in your raw "config.inc.php" with given information.

Code: Select all

$handle = fopen ("config.inc.php", "w");
Your installed application may include this file later.
Here comes a sample config.inc.php:

Code: Select all

if (defined('IS_INCLUDED_CONFIG')) return;
define ('IS_INCLUDED_CONFIG', TRUE);

$cfg = array();

// MySQL Settings
$cfg['mysql']['host'] = "%s";
$cfg['mysql']['username'] = "%s";
$cfg['mysql']['password'] = "%s";
$cfg['mysql']['db_name'] = "%s";
$cfg['mysql']['tables_prefix'] = "%s";
P.S.
Some functions which you may find useful here:
fopen(), file_get_contents(), is_writable(), sprintf(), fwrite() and fclose().
msimoes
Forum Newbie
Posts: 5
Joined: Tue Jul 03, 2007 8:24 am

Post by msimoes »

Hy martinco,

Normally configuration files use variables, language files arrays and defines are left for more "constant" things like paths.

Some other tips to add to the previous post:

- Don't use "include" or "require" ... always use include_once or require_once ( require is to be used when you want to application to send a Fatal Error if the file does not exist )
- Beware invalid $GLOBALS patterns ( like _post, _get, etc... ). I personally use a function like the one posted bellow to help identify this kinda "exploit" attempts

Code: Select all

function clean( $array ) {
     static $banned = array( '_cookie' , '_env' , '_files' , '_get' , '_post' , '_request' , '_server' , '_session' , 'globals' );

     foreach( $array AS $key=>$value ) {
       $notAllowed = in_array( strtolower( $key ) , $banned );      // PHP GLOBALS injection bug

       if( $notAllowed ) die( 'Invalid pattern in global array' );
     }
   }

Personally, I use classes to create the configuration, this way I can access them anywhere I need by simply doing a class::getValue( variableName );

Example

Code: Select all

class config {
  var $db_user = "bla";

  function getValue( $var , $default ) {
   $result = $default;

   if( isset( $this->$var ) ) $result = $this->$var;

    return $result;
  }
}
and calling the configuration items like

Code: Select all

$var = config::getValue( 'db_user' , 'root' );

This is a suggestion, some may disagree other agree... but I believe it can help if the configuration variables are values and not expressions.



Best regards,
Miguel Simões
Last edited by msimoes on Tue Jul 03, 2007 8:05 pm, edited 1 time in total.
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

For storing settings/information, you might want to consider the ini approach:

settings.php:

Code: Select all

;<?php exit; ?>
db=""
dbuser=""
dbpass=""
dbhost=""
;etc..
And then use parse_ini_file() on the settings.php. It works very well for me.
User avatar
undecided name 01
Forum Newbie
Posts: 12
Joined: Mon Jul 02, 2007 9:25 am
Contact:

Post by undecided name 01 »

In addition, once you have access to the database, you no longer need to store other settings in a single text file. For example, phpBB uses database to store other information in a table with two columns (config_name, config_value).
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

Yes he will, he has to store the database credentials for his script to use.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Another helpful trick: compact() is quite tasty, and will allow to write configuration files without needing to constantly specify the array syntax.
User avatar
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

var_export() might be also helpful
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

+1 ini file. I like that method.
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

Yeah, the ini method is good for scripts you will be sharing, its easier for users to edit.
Post Reply