What is best practice for global config variable?
Posted: Tue Feb 12, 2008 1:11 pm
I'm trying to tighten my PHP security as well as sharpen my coding practice a bit. My register_globals are ALWAYS off, and for hosted sites (those not on my production server) I have display_errors=Off; and expose_php=Off.
For most of my applications, I have a $config multi-dimensional array variable looking like the following example:
Basically, I include the file containing this $config variable, but for every function I want to have access to it, I need the line:
Is it maybe better to write a static class and access $config like:
I don't feel extremely happy about using the global keyword, it looks like I'm asking for trouble, so my question is if there is a better way to have the $config variable available globally to all my classes/scripts within the application, SAFELY! I am very concerned about people hacking my code, so I want my "globals" to be airtight.
I am currently looking for more secure configuration, and have today written some code to prevent email header injection in my email wrapper class. I'll be taking action against SQL injection more seriously as well, and also using .htaccess more aggressively alongside setting up folder permissions on the web server.
Thanks for the help in advance!
For most of my applications, I have a $config multi-dimensional array variable looking like the following example:
Code: Select all
$config['paths'] = array(
'app' => 'Some Silly App',
'nice-day' => 'most_certainly',
'ice-cream-melts' => 'true',
'lol' => 'you-bet'
);Code: Select all
global $config;Code: Select all
$setting = $Config::app;I am currently looking for more secure configuration, and have today written some code to prevent email header injection in my email wrapper class. I'll be taking action against SQL injection more seriously as well, and also using .htaccess more aggressively alongside setting up folder permissions on the web server.
Thanks for the help in advance!