Page 1 of 1

config.php file to hold db conection information

Posted: Fri Jun 29, 2007 4:44 pm
by martinco
hi!

i'm starting to deal with php+mysql, so i think this is a simple question for you.

i'm scripting a very simple chat for a website, using ajax, php, and mysql. i have a _install.php file that asks the user for some information: db name, db user, db password, etc.

I wanted you to help me and recommend how should i write a configuration file (config.php) and how to read it to obtain the information. i want to hear your ideas :wink: Are there some "good practices", design patterns, standards?

thanks!

"Pura Vida!"

Posted: Fri Jun 29, 2007 6:55 pm
by Ambush Commander
Ooh, this is an interesting topic. Some tricks:

- Make sure you authenticate the user before doing anything. Generally, DB credentials work well for this purpose
- Keep it simple. Ideally, you shouldn't need to bootstrap the application to install it.
- Check for: PHP version, database support, magic quotes (especially the more vicious subvariants like sybase and runtime), register globals, and anything else your application might need
- If writing a PHP configuration file, make sure you escape your variables properly. Something like (this is from MediaWiki):

Code: Select all

function escapePhpString( $string ) {
	return strtr( $string,
		array(
			"\n" => "\\n",
			"\r" => "\\r",
			"\t" => "\\t",
			"\\" => "\\\\",
			"\$" => "\\\$",
			"\"" => "\\\""
		));
}
Works well.

- Add docs to the config file so users can change things later on
- Put the schemas in .sql files and have the installer load them up

Hmm... that's all I can think of for now.

Posted: Tue Jul 03, 2007 7:25 pm
by martinco
let's say i want to have a separate file called "config.php" to hold all the necesary values for making the mysql connection.
how this file look like? should i use define? variables?

and how should y access that values from other file? with include, request, etc ?

i'm a newbie in this.

thankx

Yep!

Posted: Tue Jul 03, 2007 7:57 pm
by undecided name 01
Once you get the db-account information from the user,
you can generate your "config.inc.php" at run-time or
fill-in your raw "config.inc.php" with given information.

Code: Select all

$handle = fopen ("config.inc.php", "w");
Your installed application may include this file later.
Here comes a sample config.inc.php:

Code: Select all

if (defined('IS_INCLUDED_CONFIG')) return;
define ('IS_INCLUDED_CONFIG', TRUE);

$cfg = array();

// MySQL Settings
$cfg['mysql']['host'] = "%s";
$cfg['mysql']['username'] = "%s";
$cfg['mysql']['password'] = "%s";
$cfg['mysql']['db_name'] = "%s";
$cfg['mysql']['tables_prefix'] = "%s";
P.S.
Some functions which you may find useful here:
fopen(), file_get_contents(), is_writable(), sprintf(), fwrite() and fclose().

Posted: Tue Jul 03, 2007 8:01 pm
by msimoes
Hy martinco,

Normally configuration files use variables, language files arrays and defines are left for more "constant" things like paths.

Some other tips to add to the previous post:

- Don't use "include" or "require" ... always use include_once or require_once ( require is to be used when you want to application to send a Fatal Error if the file does not exist )
- Beware invalid $GLOBALS patterns ( like _post, _get, etc... ). I personally use a function like the one posted bellow to help identify this kinda "exploit" attempts

Code: Select all

function clean( $array ) {
     static $banned = array( '_cookie' , '_env' , '_files' , '_get' , '_post' , '_request' , '_server' , '_session' , 'globals' );

     foreach( $array AS $key=>$value ) {
       $notAllowed = in_array( strtolower( $key ) , $banned );      // PHP GLOBALS injection bug

       if( $notAllowed ) die( 'Invalid pattern in global array' );
     }
   }

Personally, I use classes to create the configuration, this way I can access them anywhere I need by simply doing a class::getValue( variableName );

Example

Code: Select all

class config {
  var $db_user = "bla";

  function getValue( $var , $default ) {
   $result = $default;

   if( isset( $this->$var ) ) $result = $this->$var;

    return $result;
  }
}
and calling the configuration items like

Code: Select all

$var = config::getValue( 'db_user' , 'root' );

This is a suggestion, some may disagree other agree... but I believe it can help if the configuration variables are values and not expressions.



Best regards,
Miguel Simões

Posted: Tue Jul 03, 2007 8:04 pm
by toasty2
For storing settings/information, you might want to consider the ini approach:

settings.php:

Code: Select all

;<?php exit; ?>
db=""
dbuser=""
dbpass=""
dbhost=""
;etc..
And then use parse_ini_file() on the settings.php. It works very well for me.

Posted: Tue Jul 03, 2007 9:02 pm
by undecided name 01
In addition, once you have access to the database, you no longer need to store other settings in a single text file. For example, phpBB uses database to store other information in a table with two columns (config_name, config_value).

Posted: Tue Jul 03, 2007 10:21 pm
by toasty2
Yes he will, he has to store the database credentials for his script to use.

Posted: Thu Jul 05, 2007 7:06 am
by Ambush Commander
Another helpful trick: compact() is quite tasty, and will allow to write configuration files without needing to constantly specify the array syntax.

Posted: Thu Jul 05, 2007 7:51 am
by stereofrog
var_export() might be also helpful

Posted: Thu Jul 05, 2007 1:02 pm
by RobertGonzalez
+1 ini file. I like that method.

Posted: Thu Jul 05, 2007 9:37 pm
by toasty2
Yeah, the ini method is good for scripts you will be sharing, its easier for users to edit.