ansaurus

Question

PHP: Is there a correct method for saving config data?

Answer 1

A:

Well, to write a file, fwrite() php function does exactly what you want. From its PHP.NET documentation page (see example below).

Now, on the question as to what to output to that file - I'm assuming that file will have to be included as a configuration .php file into the rest of the project. I'm imagining you'll do something like this - where you're creating strings with PHP code on the fly, based on the submitted form:

$strDatabaseConfig = "\$databaseConfig = array('" . $_POST['login'] . "," . $_POST['password'] . "');";

And here's the snippet for fwrite:

$filename = 'test.txt';
$somecontent = "Add this to the file\n";

// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {

    // In our example we're opening $filename in append mode.
    // The file pointer is at the bottom of the file hence
    // that's where $somecontent will go when we fwrite() it.
    if (!$handle = fopen($filename, 'a')) {
         echo "Cannot open file ($filename)";
         exit;
    }

    // Write $somecontent to our opened file.
    if (fwrite($handle, $somecontent) === FALSE) {
        echo "Cannot write to file ($filename)";
        exit;
    }

    echo "Success, wrote ($somecontent) to file ($filename)";

    fclose($handle);

} else {
    echo "The file $filename is not writable";
}

Alex 2010-02-07 21:40:13

Answer 2

+2 A:

You just want writing, correct? Is it a serialized array or is it parsed?

One way to read a config file is parse_ini_file(). I wouldn't necessarily call it preferred, but it's a method. You'd still need to write the file.

Another way would to write a "config.inc.php" and just include it in, to write it you'd just output actual PHP code (e.g. $var = "myval";).

This is a way you could write a simple "output" function that took an array of configuration values and output them as name=value, assuming $config was an associative array.

foreach ($config as $name => $value) {
   $output .= $name . '=' . $value . "\n";
}

if (!file_put_contents($filename, $output)) {
    die("Error writing config file.");
}

There's a lot of decent ways to do it. It's really based on your requirements. Does it need to be in a specific format or do you have leeway?

Xorlev 2010-02-07 21:42:38

No, it does not need to be in a specific file format.

Nic Hubbard 2010-02-07 22:30:54

For large scale applications, I usually use parse_ini_file() to parse to config file; or wrap necessary info in an array or text file to do parsing for quick-n-dirty stuff.

Jay Zeng 2010-02-07 23:13:40

Answer 3

A:

Let's say your config.inc file looks like this:

$config = array(
    'blah'  => 'mmm',
    'blah2' => 'www',
    //...
);

You want to update it, so you create a simple form, fill text fields with current values. PHP script that overwrites current configuration could looks like this:

$newConfig = ...; // data from form - of course validate it first
$config = ...;    // data from config.inc

$config = array_merge($config, $newConfig);
file_put_contents('config.inc', '<?php $config = ' . var_export($config, true));

And you're done.

Crozin 2010-02-07 21:45:35

Posting such dangerous solutions ending with "And you're done" is irresponsible.

Saggi Malachi 2010-02-07 22:21:53

@Nic Hubbard: Please make sure you validate all user input and make sure the form for filling this data is 100% secured and only accessible to authorized admins. Remember this file is then included in your application and injecting malicious code into it is damn simple.

Saggi Malachi 2010-02-07 22:23:24

If `$newConfig` comes from trusted source and is validated properly validated then this solution is safe (I wrote that in code). Also until you write something like this: `include 'config.inc'; eval($config);` it's pretty hard to execute bad code. [var_export()](http://pl.php.net/manual/en/function.var-export.php) will turn any bad code into normal string, so the final result will be same as if you will save your configuration in database. So please present me some example of really dangerous situation or explain why did you vote down.

Crozin 2010-02-08 13:10:02

Answer 4

A:

Here's one way: wp-admin/setup-config.php from WordPress.

Adam Backstrom 2010-02-07 21:49:20

Answer 5

+1 A:

It is not recommended to modify PHP configuration files via your application, you should use CSV files or a database table. In case you want to save it in a CSV file then I suggest you keep a CSV file for each configuration type (e.g CSV file for database configurations) and always overwrite the previous one using file_put_contents

Save data example:

$csvStructure = array("dbUser","dbPassword","dbHostname","dbPort"); // array used for both loading data and saving it
$csvData = array();

foreach ($csvStructure as $field) {
   $csvData[] = $_POST[$field]; // so it'd get $_POST["dbUser"],$_POST["dbPasword"], etc..
}
file_put_contents("filename",implode("\t",$csvData));

Load data example:

$csvStructure = array("dbUser","dbPassword","dbHostname","dbPort"); // array used for both loading data and saving it
$dbConfig = array();
$csvData = explode("\t",file_get_contents("filename"));    
foreach ($csvStructure as $key => $field) { // $key would have the location of the requested field in our CSV data (0,1,2, etc..).
   $dbConfig[$field] = $csvData[$key]; // populate $dbConfig["dbUser"],$dbConfig["dbPasword"], etc..
}

Saggi Malachi 2010-02-07 21:53:46

Answer 6

+1 A:

I believe using ini file is a wise option, cause user, password, schema, paths, etc are things that usually will modify by hand so use var_export isnt because modify it by hand its not so clean and may crash your application if you mistake in the php sintax. But parse big ini files can be expensive so it would be ok to cache the ini with var_export() or serlialize() its a better choice i think and read the ini only when the cache file doesnt exists.

useless 2010-02-07 22:09:10

ansaurus

tags:

views:

answers:

PHP: Is there a correct method for saving config data?

related questions