6

I have a config.inc file in a web application that I am building. It contains an array with configuration values for things like the MySQL database, etc. I would like these to be entered by using a simple form, that asks for the server, login/password for the database, etc, then these get written to the configuration file.

Is there a preferred method of doing this? I am not sure how to write to a file, and update an array.

Improve this question
6
  • whatever you do that file ought to be out of the path of viewable webpages to make sure the information is well protected. Commented Feb 7, 2010 at 21:34
  • Yes, I made sure of that, it is not accessible by Apache. Commented Feb 7, 2010 at 21:39
  • How would you write it if Apache can not even access it? :) Commented Feb 7, 2010 at 22:18
  • Sorry, I meant not publicly accessible. Commented Feb 7, 2010 at 22:30
  • @Svish: been some time since I wrote that comment, but I assume that by "simple form", he means a web form. Commented Dec 7, 2010 at 12:52

8 Answers 8

Reset to default
2

You just want writing, correct? Is it a serialized array or is it parsed?

One way to read a config file is parse_ini_file(). I wouldn't necessarily call it preferred, but it's a method. You'd still need to write the file.

Another way would to write a "config.inc.php" and just include it in, to write it you'd just output actual PHP code (e.g. $var = "myval";).

This is a way you could write a simple "output" function that took an array of configuration values and output them as name=value, assuming $config was an associative array.

foreach ($config as $name => $value) {
   $output .= $name . '=' . $value . "\n";
}

if (!file_put_contents($filename, $output)) {
    die("Error writing config file.");
}

There's a lot of decent ways to do it. It's really based on your requirements. Does it need to be in a specific format or do you have leeway?

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

For large scale applications, I usually use parse_ini_file() to parse to config file; or wrap necessary info in an array or text file to do parsing for quick-n-dirty stuff.
1

It is not recommended to modify PHP configuration files via your application, you should use CSV files or a database table. In case you want to save it in a CSV file then I suggest you keep a CSV file for each configuration type (e.g CSV file for database configurations) and always overwrite the previous one using file_put_contents

Save data example:

$csvStructure = array("dbUser","dbPassword","dbHostname","dbPort"); // array used for both loading data and saving it
$csvData = array();

foreach ($csvStructure as $field) {
   $csvData[] = $_POST[$field]; // so it'd get $_POST["dbUser"],$_POST["dbPasword"], etc..
}
file_put_contents("filename",implode("\t",$csvData));

Load data example:

$csvStructure = array("dbUser","dbPassword","dbHostname","dbPort"); // array used for both loading data and saving it
$dbConfig = array();
$csvData = explode("\t",file_get_contents("filename"));    
foreach ($csvStructure as $key => $field) { // $key would have the location of the requested field in our CSV data (0,1,2, etc..).
   $dbConfig[$field] = $csvData[$key]; // populate $dbConfig["dbUser"],$dbConfig["dbPasword"], etc..
}
Improve this answer

Comments

1

I believe using an ini file is a wise option, because user, password, schema, paths, etc. are things that usually will be modified by hand, so using var_export isn't because modifying it by hand it's not so clean and may crash your application if you make a mistake in the PHP syntax.

But parsing big ini files can be expensive, so it would be OK to cache the ini with var_export() or serlialize(). It's a better choice, I think, and read the ini only when the cache file doesn't exists.

Improve this answer

Comments

1

PHP has a dedicated function for this, its called var_export();

Just do:

file_put_contents("config.php",var_export($config,true));
Improve this answer

Comments

0

Well, to write a file, fwrite() php function does exactly what you want. From its PHP.NET documentation page (see example below).

Now, on the question as to what to output to that file - I'm assuming that file will have to be included as a configuration .php file into the rest of the project. I'm imagining you'll do something like this - where you're creating strings with PHP code on the fly, based on the submitted form:

$strDatabaseConfig = "\$databaseConfig = array('" . $_POST['login'] . "," . $_POST['password'] . "');";

And here's the snippet for fwrite:

$filename = 'test.txt';
$somecontent = "Add this to the file\n";

// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {

    // In our example we're opening $filename in append mode.
    // The file pointer is at the bottom of the file hence
    // that's where $somecontent will go when we fwrite() it.
    if (!$handle = fopen($filename, 'a')) {
         echo "Cannot open file ($filename)";
         exit;
    }

    // Write $somecontent to our opened file.
    if (fwrite($handle, $somecontent) === FALSE) {
        echo "Cannot write to file ($filename)";
        exit;
    }

    echo "Success, wrote ($somecontent) to file ($filename)";

    fclose($handle);

} else {
    echo "The file $filename is not writable";
}
Improve this answer

Comments

0

Here's one way: wp-admin/setup-config.php from WordPress.

Improve this answer

Comments

0

I prefer to have a file with a bunch of define statements.

These are constants globally available (and of course immutable) which is what you need for configuration settings.

Constants offer better memory management and efficiency in reading as they don't need the extra memory required by a variable so that it can be changed.

Improve this answer

Comments

-4

Let's say your config.inc file looks like this:

$config = array(
    'blah'  => 'mmm',
    'blah2' => 'www',
    //...
);

You want to update it, so you create a simple form, fill text fields with current values. PHP script that overwrites current configuration could looks like this:

$newConfig = ...; // data from form - of course validate it first
$config = ...;    // data from config.inc

$config = array_merge($config, $newConfig);
file_put_contents('config.inc', '<?php $config = ' . var_export($config, true));

And you're done.

Improve this answer

3 Comments

Posting such dangerous solutions ending with "And you're done" is irresponsible.
@Nic Hubbard: Please make sure you validate all user input and make sure the form for filling this data is 100% secured and only accessible to authorized admins. Remember this file is then included in your application and injecting malicious code into it is damn simple.
If $newConfig comes from trusted source and is validated properly validated then this solution is safe (I wrote that in code). Also until you write something like this: include 'config.inc'; eval($config); it's pretty hard to execute bad code. var_export() will turn any bad code into normal string, so the final result will be same as if you will save your configuration in database. So please present me some example of really dangerous situation or explain why did you vote down.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.