On Feb 11, 2007, at 1:16 PM, Larry Garfield wrote:
You're using str_replace() on PHP code to control configuration
variables?
There's a half dozen better ways that are less error prone and faster
and
more secure.
My recommendation:
- If the config is all simple values, use an ini file. You can then
use
parse_ini_file() to read the data into an array that you can
reference, and
can write the array back out easily. (Ini is a very simple format.)
- If you want it to be programmatically editable, put it in your
database and
be done with it. A simple key/value table with a getter function and
setter
function is trivial to setup, but far more robust and flexible than
messing
around with the file system.
Thank you for your suggestions.
I am writing a web based app that creates packages for registered
users. Each user has a user space created for them on the server.
It consists of a directory with files and subdirs and files. Each
package
is uniform. The only thing that personalizes each user space is the
user space directory name and the config file in that user space.
This config file does not effect any other users space. So an ini file
with globally set variables is completely out of the question. At
present
I am not using any databases in this context. There are other security
measures I have in place for this. One is that the user must login and
all transactions with the server are done over ssl. Every page request
is authenticated (not by re entering id/pw). And a few other tricks.
Thanks again.
Jeff K
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
