PHP Configuration – Why Public Web Applications Avoid INI Files

cmsconfigurationPHP

Almost every public CMS out there uses a .php configuration file for the database settings and so on. For example WordPress automatically creates a .php config file when you install it.

Why don't they just use a .ini file? PHP already has parse_ini_file() and I'm sure other languages have similar functions.

Best Answer

With PHP in particular; the difference between an .ini file and a .conf.php file is negligible.

Using PHP directly for configuration has the distinct advantage of only needing to relate to one well-defined, portable syntax for configuration, and the fact that the configuration file is properly code is occasionally useful.

Compared to that; an ini file has little to nothing to offer; and include, require and require_once are all well-known and (mostly) well understood.

Related Solutions

PHP Configuration – Config File in .ini or .php Format

INI files have the disadvantage that they can't elegantly represent complex data structures like arrays. Therefore they are only useful for very simple configuration. Using a PHP file for configuration can be viewed as a security problem: Any code might be entered there. Worse, a simple syntax error like forgetting a closing quote could render the whole configuration unusable.

There are already common human-readable data formats. XML is extremely powerful, but overly verbose, and not every data maps cleanly to XML. JSON is another excellent format, but has a very strict syntax.

I would urge you to consider YAML. It is extremely easy to read, and includes JSON as a subset of its syntax.

this is a key: some value here
another key:
  - this is the first item in an array
  - another one
  - { inline: dictionary, has: values }
  - [ inline array, has, more, values]
  - "Quote this, if you like"

There are many more advanced features beyond simple dictionaries and lists, making this a very flexible format.

Web Development – Best Practice for Configuration Files

Have you looked at other CMS and how they approach the problem?

For example, Drupal configuration responds to all your current needs and shows one possible way to not being limited by the constraints of INI.

You may also consider:

Ordinary PHP files (pros: simple, no parser needed; cons: the end user can screw the file and break the entire app),
INI (pros: still simple; cons: the flat structure is limiting),
XML (pros: no limits of INI; cons: not user-friendly, too much markup),
JSON (pros: less markup compared to XML; cons: still not user-friendly),
YAML (pros: humanly-readable; cons: the end-user can still screw the structure),
Custom page which allows the user to configure every aspect of the application though web interface (pros: user-friendly; cons: the excessive cost of developing the solution).

If you're working with end-users who don't have technical background, the last solution is the only one viable.

Applications like PHPBB show how to make two-step configuration: when the application runs for the first time, it executes setup.php which asks for the connection string, the root password, etc. Once the app is installed, the administrator can log in to access the administration panel.

Best Answer

Related Solutions

PHP Configuration – Config File in .ini or .php Format

Web Development – Best Practice for Configuration Files

Related Topic