What is the best way to store configuration variables in PHP?-ThrowExceptions

Exception or error:

I need to store a bunch of configuration information in PHP.

I have considered the following….

// Doesn't seem right.
$mysqlPass = 'password'; 

// Seems slightly better.
$config = array(
     'mysql_pass' => 'password'

// Seems dangerous having this data accessible by anything. but it can't be
// changed via this method.
define('MYSQL_PASSWORD', 'password'); 

// Don't know if this is such a good idea.
class Config
    const static MYSQL_PASSWORD = 'password';

This is all I have thought of so far. I intend to import this configuration information into my application with require /config.inc.php.

What works for you with regard to storing configuration data, and what are best practices concerning this?

How to solve:

I’ve always gone with option #2 and just ensure that no one but the owner has ANY sort of access to it. It’s the most popular method among PHP applications like Joomla, vBulletin, Gallery, and numerous others.

First method is too messy to me (readability) and the third is WAY too dangerous to do. I’ve never thought about the Class method, so someone else can provide their input on that one. But I guess it’s fine so long as the right access is used on the class’ usage.


define('EXAMPLE1', "test1"); // scenario 1
$example2 = "test2"; // scenario 2

function DealWithUserInput($input)
   return eval($input);

Now this example of code is really dumb, but just an example. Consider what could be returned by the function depending on which scenario the user could try to use in their input.

Scenario 2 would only cause an issue if you made it a global within the function. Otherwise it’s out of scope and unreachable.


I’d say it also depends of userbase a bit. If configurations has to be very user friendly or user has to have ability to change config via web etc.

I use Zend Config Ini for this and other settings are stored in SQL DB.


I generally use the second method… When handling database connections I generally open a connection at the beginning of the request, then close it at the end. I have a function that establishes the connection, then removes the username/password from the global array (with the unset() function), This prevents other parts of the system from accessing the “sensitive” mysql connection data.


I’m also with option 2 for most config values. If you were going to implement the Class then I would tie the specific values to the Class that it affects instead of a general config Class.

In your example, your Class would be for database connections and an instance would save the password, db_name, etc. This would encapsulate the data properly and also provide an easy means to create multiple connections if that was ever needed.

Leave a Reply

Your email address will not be published. Required fields are marked *