Can I use .ini for a config file in PHP?
A friend of mine asked me to update the PHP application that his company uses. I found out that the application uses the .ini extension for the DB configuration file. The file contains the database host address, username and password !. The problem is that I can access the file in web browsers.
I am trying to understand why. Are there any special reasons for using a regular php file with .ini extension ??? I just do not understand.
source to share
Readability is one of the main reasons I've used ini filies for php script configurations in the past. People who are not codons have visited the ini file at least once before and can figure out which is much easier than a simple php file.
The question of ini files being readable by anyone can be prevented by server side configuration, or even better, simply by adding one line of code inside the comment line at the top of the file.
So php will print "No direct access" when accessing the file through a browser, and the ini file will continue to work as before.
source to share
You can use Zend_Config_Ini . It's convenient and easy. Just don't put any config files that anyone can access (like public_html).
source to share
INI files are just one of the ways to configure the configuration, perhaps the developer came from a Windows development background and used everything he knew :). In addition, PHP offers a convenient way to parse INI files using the parse_ini_file function .
You want the .INI file not to be accessible from the Internet. Move it under docroot so that your PHP script can still access it, but random browsers cannot.
source to share
It looks like it's just a former programmer wanting to use a different file type for configuration. If there is no other use for this file, rename it to * .php and forget about it. If not, configure the webserver for ini parsing as php, or better, move it to a directory not accessible from the webserver.
source to share