stackoom
  简体   繁体   中英

PHP write and save database credentials - Best practise

 原文  2011-02-22 12:22:07       php/ database/ installation

Question

I would like to write a setup script for my PHP application, which dose a minimum requirements check, gets the DB credentials, DB prefix and saves them, creates the db tables and so on. Now I would like to know what is the best practise to write and save the DB credentials? Write them as an array into a .php file and? Or into an XML file?

3 answers

solution1
 2 ACCPTED  2011-02-22 12:29:23

I don't think there is a best practise for this, there are so many ways people use configuration files. Some use PHP arrays, some use XML files, some use INI files, some use JSON files and I'm sure some people create proprietary formats.

What you do want to take in account is, where will you store this file. If it is in the document root, people could request it. XML/INI/JSON files are plain-text and by default, will make it easy for people to 'retrieve' the file contents. PHP will be parsed server side so just returns an empty page.

Ideally you'd store the configuration file outside of the document root, but not all webhosts allow you to do so. So I'd say, if you want to release an application people can install themselves easily, a PHP file might be the easiest way to go.

solution2
 1  2011-02-22 12:29:04

Write them as an array into a .php file. This satisfies speed (no xml parser and file touching is needed per-page), and security (.php files don't get served as text like your xml would).

I also tend to put the private.php that contains my mysql credentials in the directory above the http root, and load it like require_once("../private.php");

solution3
 0  2011-02-22 12:33:30

You are asking about setting up the environment, correct? If that is the case, then it depends on the script or build system itself. We are using Ant where such configuration is stored in build.properties . For example: 

# database credentials
db.host=localhost
db.user=root
db.pass=root
db.name=db_name

This file is working copy specific and as such is not a part of our VC, however, build.properties.dist is. This way A's local settings don't override B's.

If the question is about something else, please, do tell :)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Best practise to include class in php Best php practise display errors Best practice securing SQL Database Credentials with PHP Best practise to reset a database index once a year? Best practise to execute long running PHP scripts PHP - Populating aggregated objects - Best Practise PHP global variable scope usage best practise The best practise when to use PHP exception handling PHP output buffering? What's the best practise? PHP which is the best practise of header location
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM