Reputation: 22565
can I use .ini for configuration file in PHP?
My friend asked me to update a PHP application that his company uses. I found out that the application uses .ini extension for DB configuration file. The file contains DB host address, username, and password!!. The problem is that I can access the file on web-browsers.
I am trying to understand why. Is there any particular reasons to use a regular php file with .ini extension??? I just don't get it.
Upvotes: 2
Views: 1279
Answers (5)
Reputation: 12323
Readability is one of the main reasons I've used ini filies for php script configs in the past. People who are not coders have run into an ini file at least once before, and can understand what it is much easier than even a simple php file.
The issue of ini files being readable by everyone can be prevented by server side configuration, or even better, by simply adding a single line of code inside a comment line at the top of the file.
That way php will output an 'Direct access forbidden' when the file is accessed via a browser, and the ini file will continue to function as before.
Upvotes: 3
Reputation: 4551
INI files are just one way of dealing with configuration, perhaps the developer came from a Windows-developing background and used whatever he was familiar with :). Besides, PHP offers a convenient way of parsing INI files through the parse_ini_file function.
You'll want to make sure the .INI file is not accessible from the web though. Move it below the docroot so your PHP script can still access it, but random browsers cannot.
Upvotes: 3
Reputation: 11
Seems like this is just former programmer's wish to use different file type for configuration. If there is no other uses for this file, rename it to *.php and forget it. If not, configure webserver to parse ini as php or, better, move it to directory, not reachable from web-server.
Upvotes: 1
Reputation: 2576
You can use Zend_Config_Ini. It is comfortable and easy. Just simply do not put config files where any user can reach them (for example public_html).
Upvotes: 3
Reputation: 258128
For what it's worth, PHP has traditionally used php.ini to configure PHP. So maybe it's some kind of legacy thing?
Upvotes: 1
Related Questions
- how to use php with ini files
- Can PHP set it ini file at runtime?
- create ini file, write values in PHP
- Can I have multiple php.ini files?
- my_config.ini vs my_config.php
- PHP custom *.ini file
- Can I create my own php.ini file?
- How to use a configuration file for controlling variables
- Is it advisable to use ini files to configure a framework?
- Using config.ini for a project