What is the best approach to storing a group of global settings for a custom PHP application? I am working on a personal project (first major one really), and need a method of storing key-value pairs for recording overall settings for the application.
Things to store as...
Website's Global Name.
Theme (just a variable, or path to theme)
etc
Should I just keep them in one table? If so what is the best way to query them from a boostrap? Besides doing a single query for each desired setting.
UPDATE:
Yes a .ini or parsing an include file would be nice, and I know how to do it that way. But I wanted to know what would be the best approach to storing them in MySQL with everything else.
UPDATE2:
The reason I ask this also is I plan for a lot of these settings to be changeable through the Administrator interface. So if you were to change the Title of the site, it would be updated right away, which I figured would be best to do through SQL, thus needing setting inside the DB.
For a single, small, simple site, I'd just put config in a PHP file. Keep it simple. PHP probably doesn't parse anything faster than it parses PHP. If you use APC, the compiled bytecode is even cached -- although the bytecode is then re-executed for every request. For a small config file, this bytecode execution should take very little time; for a very large file, it might take a bit longer.
For high-traffic sites with large configs, caching your config data in APC (e.g. as a single array) is a good idea -- at the very least, you save the overhead of actually executing the statements in your config.php file. Notably, facebook does this. When you're serving many requests per second, hitting the disk to read a config file (using parse_ini_file, an XML parser, etc.) on every request is out of the question.
For my current project, we host many sites, each with their own config. Each site had both a database and a config file; however, making sure you're always using the right config file with the right database can become a headache. Additionally, changes would require changing things in two places -- the db and the config. Forgetting one or the other always caused problems, and it happened far too frequently.
We moved the config into the database, so that you can't possibly separate a db from it's correct config, and any code changes only require updating the database. The data from the config table is also aggressively cached in APC, so we query it rarely.
So, to recap:
Small site: just use a config.php file
Very large site: cache in APC
Multiple sites: store config in database to reduce administration overhead; cache in APC to reduce database hits
Have you thought about putting them in a .php file and including it on the pages you need to use them? Give the variables a unique name so avoid naming conflicts.
Since you'll be using them repeatedly in your PHP application, this would be most ideal. This also avoids the need to make database calls if you were to store them in a database.
AppSettings.php
<?php
$_SITENAME_ = 'MyWebsite';
$_THEME_ = 'Theme/Path';
?>
UPDATE:
I assume you want these settings to be editable via a web page and don't want multiple DB Queries since these settings will change, but not too often?
One approach I personally took was to serialize the AppSettings table and store it in a XML file. Of course, every time the table is updated, the table would be reserialized and stored in the XML file. Then I created a separate class that parses the XML file and returns the specific values I needed.
We just use
$siteConfig['db_name'] = 'database1';
$siteConfig['site_name'] = 'Stackoverflow';
In a included php file. Putting the values in a array helps with name conflicts.
i understand you want to keep things in a mysql table, however, that likely means storing required configuration in multiple places. for example, i'm sure you'll want the database server and name stored in a string somewhere. that means putting those in an include or .ini file since you can't read them from a database (how can you connect to the database without knowing those things). so, you'd be keeping the db connection info in an include or .ini file and the rest of the settings in the database? that works, i suppose, but i like to keep all of the settings in one file (config.php or application.ini or whatever). it makes it easier to maintain imo.
-don
Just got done chatting with a few people on IRC about this. I looked at how Wordpress handled this after I pulled up a SQL dump of one copy. I think I'll use this layout and rename the columns a bit. But the idea is...
option_id | option_name | option_value | autoload
int | varchar | longtext | varchar
(PRIMARY) | (UNIQUE) | |
I liked Microsoft.Net's web.config ConfigurationManager.appSettings and how that worked. So I mimicked it and kinda made it better. It
Works in any environment without having to swap files (which I always forget, especially when deploying on Friday at 4:59 p.m.)
Is self documenting on what the function call is
Can handle global settings with *
<?php
namespace Library {
// the config depends on the environment, and the environment depends on the website url
class Configuration {
private static $environment;
public static function GetEnvironment(){
if(empty(Configuration::$environment)){
// returns 'dev' or 'prod'
switch($_SERVER['SERVER_NAME']){
case 'innitech.com':
Configuration::$environment = 'prod';
default:
Configuration::$environment = 'dev';
}
}
return Configuration::$environment;
}
private const settings = [
"dev" => [
'dbserver' => 'localhost',
'database' => 'mydb',
'dbuser' => 'myuser',
'dbpassword' => 'mypass',
'dbdebug' => false,
'trace' => true
],
'prod' => [
'dbserver' => 'sql1.innitech.com',
'database' => 'blahinc',
'dbuser' => 'proddb',
'dbpassword' => 'ButIWasToldiDgETaStApLer',
],
'*' => [
'adminemail' => 'admins#innitech.com',
'adminphone' => '123456789',
'dbdebug' => false,
'trace' => false
]
];
public static function Setting($name){
return self::setting[self::GetEnvironment()][$name] ??
self::setting['*'][$name];
}
}
}
?>
Usage
$conn = new mysqli(Configuration::Setting('dbserver'), Configuration::Setting('dbuser'), Configuration::Setting('dbpassword'), Configuration::Setting('database'));
What has mentioned before, is true. I like the one more than the other, but I mostly use another way of storing my configuration.
I never use a database as the place to store my settings, because that would create a lot of data transfers, which can make the application a little more insecure- in my opinion. Besides, some application hosts (like Amazon's AWS and Google's Cloud Platform) limit the read/write actions to a database.
Therefore, I mostly use this method:
Firstly, I create a file config/settings.php with the following contents:
<?php
return [
'database' => [
'host' => 'localhost',
'port' => 3006,
'user' => 'username',
'password' => // your secret password
],
'application' => [
'name' => 'Your site\'s name',
'version' => '1.0-dev'
]
]
When you want to use this in you index.php file, add the following line in it:
$config = include('./config/settings.php');
I hope this can add some information for you or others.
I generally within my index.php file set up the "required" settings so:
<?php
session_start();
ob_start();
define('BASEPATH', $_SERVER['DOCUMENT_ROOT'].'/_setUp/siteSetup/'); // CHANGE TO THE PATH OF THE SITE.
define('URIPATH', 'http://localhost/_setUp/siteSetup/'); // CHANGE TO THE URL OF THE SITE.
define ('DEBUGGER', true); // CHANGE TO FALSE TO HIDE DEBUG MESSAGES
include(BASEPATH.'system/lib/config.lib.php');
?>
and within my config file:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
// public
/*
example:
<img src="<?php echo IMG ?>my_image.jpg">
http://localhost/public/images/
<img src="http://localhost/public/images/my_image.jpg">
*/
define('CSS', URIPATH.'public/css/'); // DEFINE DIR: css
define('IMG', URIPATH.'public/images/'); // DEFINE DIR: images
define('JS', URIPATH.'public/scripts/'); // DEFINE DIR: scripts
// system
define('INC', BASEPATH.'system/includes/'); // DEFINE DIR: includes
define('LIB', BASEPATH.'system/lib/'); // DEFINE DIR: lib
define('SQL', BASEPATH.'system/sql/'); // DEFINE DIR: sql
if (DEBUGGER) {
ini_set('log_errors',TRUE);
ini_set("error_log", BASEPATH.'system/'."error_log.txt");
}
else {
ini_set('log_errors',TRUE);
ini_set("error_log", BASEPATH.'system/'."error_log.txt");
}
$db_info = array(
'host' => 'localhost',
'username' => 'root',
'password' => 'root',
'database' => 'my_db'
);
/*
to use:
$db_info = unserialize(DB_INFO);
echo $db_info['host'];
echo $db_info['username'];
echo $db_info['password'];
echo $db_info['database'];
*/
define('DB_INFO', serialize($db_info));
?>
A decent approach would be to fetch commonly used settings once per page, via database. Something like keeping a autoload bool field that checks whether the setting should be loaded with the page. For other, much less commonly fetched settings, you can fetch them over the air.
If you decide to cache them all instead of fetching for every page, you might want to think of a way to notify the script to reload the settings -- or you'd have to manually tell it to do so, so you wouldn't get stuck with old settings after changing some.
I'm working with a system that does store its settings in the database.
My advice in short: Do not do it!
Storing the settings in the database means, whenever we have to move the database, e.g. from production to development, we also have to update all the settings, or the dev system might start sending e-mails (did happen--made front-page news...) or interact with production systems (also happened--saved by backups...)
So, no, never store the configuration in the database!
When you store the settings in a file, local to the environment (dev, test, prod) you can move the database around at your leisure, always assured the settings will be picked up from the file in the respective environment.
Update: Giving it some more thought I'd probably go for a combination of a table (non-lethal information without server info or integration info or anything else that will kill you if it isn't environment specific) and a .ini-file (or several).
The rule would be that a key in a .ini-file would always override anything stored in the table (to prevent above disasters, maybe even make that key "read-only" from any UI).
If you want to get extra fancy you might even add value types; boolean represented as a checkbox, dates with a date selector, even select boxes with separated option values, and of course ints that would have to be numbers even if the table might store them as strings.
Then I'd look into using some form of memory-based caching if reading the settings got slow.
Related
Just looking for some tips if this is good enough or if i should do anything different to "hide" my database credentials. Been searching for a long time. I have found alot of ways to do this and feel everyone does it a different way. So wondering if this is good enough. Thank you.
Right now I'm storing a config.ini file with my database credentials outside of the public directory.
Then inside the public directory I got a folder name db_includes. This is where i have my db connection php file. This is the code for the database connection.
$config = parse_ini_file('../../private/config.ini');
$db = new \PDO('mysql:dbname='.$config['DB_NAME'].';host='.$config['DB_SERVER'].';charset=utf8mb4', ''.$config['DB_USERNAME'].'', ''.$config['DB_PWD'].'');
Also inside the db_includes folder i got a .htaccess file that has "deny from all" so its not possible to get to that db_includes folder or the database connection file.
Is this good or should i also move the database connection file outside of the public directory and just call it when i need it?
There's a few ways of doing it. First, I recommend using a PHP file to store the credentials, this way if your htaccess fails, the php file will be parsed anyway and your credentials won't appear:
config.php:
<?php
return [
"DB_NAME" => "database",
"DB_USER" => "user"
// ...
];
Wherever you need:
$config = require "path/to/config.php";
$db = new \PDO('mysql:dbname='.$config['DB_NAME'].';host='.$config['DB_SERVER'].';charset=utf8mb4', ''.$config['DB_USERNAME'].'', ''.$config['DB_PWD'].'');
If possible, keep it outside your public folder as it is a good way to make it safe.
Remember that if your database and server is well configured and safe enough you don't need to worry about database credentials.
I mass produce very similar sites, meaning they all use the same basic components, pages and are all single industry specific. These are my low end deeply discounted site designs. None of these sites ever get more than 20-30 visitors a day, so any extra load on the server isn't an issue.
In the interest of time, being that they all use the same components, though they may be in different locations or in a different order I would like to write one definition file that can be included with every site, so I can just call the defined constant instead of writing out the code a couple hundred times every year on every site I build. Also for editing later purposes this would make my life MUCH easier.
the definition file would look similar to the following:
define('UPCONTACT','<h1>Contact Us</h1>');
define('ULCONTACT','Contact Us');
define('UPABOUTUS','<h1>About Us</h1>');
define('ULABOUTUS','About Us');
Obviously this is a very basic example but I think you get the idea.
So the question is what are the pros and cons of using define() in this manner?
It's pretty much ok. The disadvantage is that, given you are using constants, you can't override them for a single page or site.
Use an array instead:
config.php
return array(
'aboutus' => '<h1>About Us</h1>',
'contactus' => 'Contact Us'
);
include it like this in your site:
$config = include('config.php');
Then you can print it very easily
<?php echo $config['aboutus'] ?>
You can also change a value when you need it:
$config = include('config.php');
$config['aboutus'] = '<h1>About My Company</h1>';
This is probably your best option.
It has upsides and downsides.
The upsides involve that such way is quicker than loading settings from a database (and creating a database; and creating an abstraction layer, ...).
The downsides involve that such way is not customizable by the client. If they need a change, ensure beforehand the website is static and you will charge them by every change.
IMHO it is better to have some stuff as customizable by the client, and other stuff not. But there's no technical issue at all by using define() in that way (except perhaps allowed datatypes).
A better way to use a ini file or something like that.
(and easily editable from a smartphone if it's a recursive task for you :)
Look for a builtin php function, can make simplify your life
http://php.net/manual/fr/function.parse-ini-file.php
or if you would a more stronger and flexible system,
go for templating (looking for smarty, or self made regex templating)
Looking for my first regex function (loong years ago)
Quitting Smarty to do it manually
Note:
Using Constant does not provide you to dynamically modifying them
inline code, and are poor supported type (you cannot store an array without serialize for example)
I would suggest cascaded ini files:
$conf_dir = dirname(__FILE__);
$config = array_merge_recursive(
parse_ini_file($conf_dir.'base.ini'),
parse_ini_file($conf_dir.'client.ini')
);
The benefits are readability, inability of execution (I like to lock things down that can be), and you can track the base ini in git (or whatever you use) and not the client one. There are some downsides, but such is life. The just feel cleaner, but they are not faster than .php, to be sure.
And if you wanted to eliminate any redundant execution (listen, any "performance benefit" still has "benefit" in it), serialization:
<?php
define('CACHE_DIR', '/tmp/');
// where 'http' is a path part that directly follows the app root, and will always
// be below where this file is called from.
$ini_cache = CACHE_DIR.'config.ser';
if(!file_exists($ini_cache)) {
// Build your config in any way you wish.
$conf_dir = dirname(__FILE__);
$config = array_merge_recursive(
parse_ini_file($conf_dir.'base.ini'),
parse_ini_file($conf_dir.'client.ini')
);
// Store it serialized
file_put_contents($ini_cache, serialize($config));
} else {
$config = deserialize(file_get_contents($ini_cache));
}
You can get more creative with this, but essentially, this allows you to store/generate your configuration in any way you wish. If you wanted to not have to delete the serialized cache on every change, you could add an atime check:
<?php
define('CACHE_DIR', '/tmp/');
// where 'http' is a path part that directly follows the app root, and will always
// be below where this file is called from.
$ini_cache = CACHE_DIR.'config.ser';
$conf_dir = dirname(__FILE__);
$config = array();
if(file_exists($ini_cache)) {
$client_stat = stat($conf_dir.'client.ini');
$cache_stat = stat($ini_cache);
if($client_stat['atime'] < $cache_stat['atime']) {
$config = deserialize(file_get_contents($ini_cache));
}
}
if(empty($config)) {
// Build your config in any way you wish.
$config = array_merge_recursive(
parse_ini_file($conf_dir.'base.ini'),
parse_ini_file($conf_dir.'client.ini')
);
// Store it serialized
file_put_contents($ini_cache, serialize($config));
}
With either serialization method, you can use what ever $config generation scheme you prefer, and if you use PHP, you can even get real creative/complicated with it, and the cached hit to the page will be negligible.
Where do you put the connection settings for a database connection (things like host, dbname, user, password)? Is it placed in the database class or file, or outside in a config file, or somewhere else?
Ideally, you should place it in a config file, which can be something as simple as a PHP array.
For example: db_config.php
$db_config = array(
'host' => 'localhost',
'user' => 'username',
'password' => 'qwerty'
);
You should then place this file outside your document root for maximum security. This way, if your webhost fails you and begins serving PHP files as text files (happens), no one can get your DB credentials.
It can be done in many ways, but what is common is to put it in a settings file, and keep that file outside of the webroot, so that information about the database password can not accidentally leak into the web.
For PostgreSQL, I really like to use pg_service.conf. It allows me to put all connection specific settings (hostname, database name, username, password, etc) into ~/.pg_service.conf or to /etc/postgresql-common/pg_service.conf and give them common name (service name).
Now, any program (Perl, PHP, etc) that wants to connect to database can simply specify "service=name" as their connection string - nice, clean, secure and easily maintainable.
As far as I know, MySQL has similar mechanism for ~/my.cnf or /etc/my.cnf files - you may want to look into that.
There are a lot of ways doing it, but I do it this way by defining CONSTANTS:
Create a config/db.php
<?php
define('DB_INFO','mysql:host=localhost;dbname=test');
define('DB_USER','root');
define('DB_PASS','');
I need to be able to store data for a php application in a file. I need to be able to do this without any sort of external dependencies other than PHP itself.
Here are the requirements I have:
Settings will not be updated/added/removed very often. So updating of settings does not have to be very efficient. However, I do want to be able to do this all through a PHP script, not through editing of files.
Settings will be read constantly, so reading of settings must be very efficient.
Settings are in a unique format, if I had them in an array it might be something like $Settings["Database"]["AccessSettings"]["Username"]["myDBUsername"]; $Settings["Database"]["AccessSettings"]["Password"]["myDBPassword"];
I would prefer to not have settings stored in arrays like I mentioned above. Instead I would prefer some access methods: getConfig("Database","Accesssettings","Username") would return 'myDBUsername'. The reason for this is I want to limit the variables I am storing in the global scope.
What would the best way of getting/retrieving these be?
Do the the hierarchy I was thinking possibly an xml file, but I wasn't sure what PHP was like for accessing xml files (particularly the fact that I need to be able to add, edit, and remove). If it should be XML what sort of xml access should I look into.
If it is another format, I would like some pointers to the right direction for what to look into for how to use that format.
Brian, parse_ini_file is what you need.
Ah, I missed the requirement that you'd be editing this via PHP.
In that case there is nothing native to PHP that you can use for this purpose. You'd have to roll your own.
You could save yourself a ton of time by simply using Zend_Config_Ini though. I know you state that you don't want to use anything else, but Zend Framework is structured to allow you to use whatever pieces of it you need. Zend_Config can be used on it's own. You can certainly just add these few classes to your project and let them handle your INI file parsing.
Here is an example using your samples above:
[config]
Database.AccessSettings.Username = myDBUsername
Database.AccessSettings.Password = myDBPassword
You would load and access this as simply as:
$config = new Zend_Config_Ini('/path/to/ini', 'config');
echo $config->Datbase->AccessSettings->Username; // prints "myDBUsername"
echo $config->Datbase->AccessSettings->Password; // prints "myDBPassword"
To edit and save your config you would use the following:
$config->Database->AccessSettings->Password = "foobar";
$writer = new Zend_Config_Writer_Ini(array('config' => $config,
'filename' => 'config.ini'));
$writer->write();
Edit
Not really sure why people are voting this down based on vog's misguided comments. It is very simple to make this writable by multiple persons by using an exclusive lock. Zend_Config_Writer uses file_put_contents to do it's writing, which has always supported the the LOCK_EX flag, which exclusively locks a file for writing. When using this flag, you cannot have multiple writers attempting to update the file at the same time.
To use this flag with Zend_Config_Writer it's as simple as follows:
$writer = new Zend_Config_Writer_Ini(array('config' => $config,
'filename' => 'config.ini'));
$writer->setExclusiveLock(true);
$writer->write();
An alternate syntax:
$writer = new Zend_Config_Writer_Ini();
$writer->write('config.ini', $config, true); // 3rd parameter is $exclusiveLock
If you're not hand editing, use serialized data.
Writing config using serialize:
file_put_contents('myConfig.txt', serialize($Settings));
Reading config using unserialize:
$Settings = unserialize(file_get_contents('myConfig.txt'));
You could write a class for modifying and getting values for this data using PHP magic functions __get() and __set().
If you are willing to drop in a library, you could use Spyc and have your configuration in a YAML file.
You could also use PHP's support for SQLite which would mean your database is just a file so no need for a DB server.
DBM files may not be a bad idea. PHP has built in support for the various DBM-file varieties:
http://www.php.net/manual/en/book.dba.php
I have a database where I keep my configuration parameters, I want to load the configuration parameters into my application variables only once (or upon specific request to reload the parameters), I also want these variables which holds the configuration parameters to be accessible from all php pages/scripts, the idea is to save hits on the database and improve the application response time.
What is the 'classic' php solution to this matter?
It seems to me that this is essentially the same as any other caching question. The fact that the content to be cached is configuration parameters rather than say the content of Web pages or user profile information is unimportant from a technical perspective.
So what you have to do is come up with some caching solution, whether it's memcached or just writing static files with the data you want to cache.
The trick here is that you're not caching HTML to be presented to the user but rather database query results, so you'll probably want to look at approaches like this one:
http://devzone.zend.com/article/1258
I like using the Zend_Config_Ini class. Creating separate sections that can extend others is easy, and with Zend_Cache with Zend_Cache_Frontend_File (to check for updates to the .ini file) and a backend (I use APC) that is particularly fast to access to avoid any overhead of re-parsing.
; Production site configuration data
[production]
webhost = www.example.com
database.adapter = pdo_mysql
database.params.host = db.example.com
database.params.username = dbuser
database.params.password = secret
database.params.dbname = dbname
; Staging site configuration data inherits from production and
; overrides values as necessary
[staging : production]
; 'database.adapter' is inherited
; others are overridden
database.params.host = dev.example.com
database.params.username = devuser
database.params.password = devsecret
Make a page that sets constants (key word 'define') early in your routines. Just include it wherever needed.
Like Smandoli's answer, I use a single file that has my configuration.
However, my configuration is actually a multi-dimensional array - meaning I have much greater control over my config - I can change it on the fly if I need to, as well as breaking up the varialbes.
$config['error']['nologin'] = "You're not logged in";
$config['db']['host'] = "localhost";
$config['something']['else'] = "hello world";
Edit: I use a file for values that do not change too much. I do use variables from a database occasionally, but not too often.
My rule of thumb is "If the user doesn't need to change it, load from the file; if they need to change it, then it comes from a database".
I came from the world of C++ the paradigm there was to use a singleton which load the parameters on first (and only) instantiation and export an interface with relevant get'ters (like 'int GetVal(char* key,int &val)' ) the singletone was accessible from all parts of the application, is there anything like that in PHP?