is this the proper use of auto_prepend_file

Question

Looking at building my first PHP application from the ground up. So pardon the noob question.

Is it proper to use auto_prepend_file to manage common variables like a default db connection or run session_start() or is there a more favorable way to define "application" variables and add session management to every page?

I'm asking because I came across a warning in netbeans when using a variable defined in an include. Searching google I saw a few posts stating that defining the variables in an include was bad practice; so what's the good practice in PHP?

Thanks

Answer 1

Most modern php application layouts do not have the required resources loaded in the code.

Instead most often there is an autloader that parses the requested resource (class name) and loads the correct file. Then most things are encapsulated in objects and classes.

The most common standard now is PSR-0

Configs are mostly stored in config files of various formats, like xml. Then there is often an object that is used to read those configs. From this object the configuration is then obtained to be used in certain places like database connections.

Also those things that get executed are mostly not executed in the code but rather execute themselves by attaching themselves to certain points in a program.

Most php frameworks have a thing called "hooks" or "events". Basically it's nothing else but a simple list with event names and for each entry a list of functions that should be executed.

When some part of the code "fires" it uses a helper class that walks through the entries of the list and executes those as well.

You ask yourself, can't you have loops there? The simple answer is, yes.

The whole idea behind all this stuff is that you have to change no existing code anywhere if you want to bring new code into your application.

Is that good practice? I honestly don't know.

If a project exceeds a certain size and multiple persons are programming on it, some standard may be necessary. And the way not to modify existing code has proven good in practice.

Regarding auto_prepend_file, that is something that I would not do.

I may do it if I have no other way. For example, if I want to execute some code that protects my application from ddos or security injections. And I just do not want to mess with the application itself.

But if I design something from the start, I would not do it.

Why? Maybe I want to switch to a new webserver, or even execute my program in the command line. Then I have a problem if I defined my auto prepending in apache...

Or maybe I have some code where I do not want that at all? Just one file within my application where I just do not want it because I do not need it and it takes up resources or is a security risk?

I often write an application where I have for example the database username and password directly in the function that establishes the link.

Why? Why not? Because I do not want to have it available on a global scale. If it's in the function code, its harder for other, possibly insecure code, to access it.

The very most common mean is to have a config file and just require it somewhere in your application.

Also most modern applications do not have different php files that get loaded by the webserver, so there is no need for having the same code at multiple places.

Instead most modern applications have a single php file (mostly index.php) that serves as a so called "bootstrap" file. The webserver rewrites every request instead of the requests to static resources like images to there, and everything else, like deciding what content to show when looking at the requested url, is handled in the application.