Using PHP, is it alright to store database credentials in $_SESSION? I am looking for a way to avoid including config files every time I need to use config vars.
1 Answer
I would suggest sticking with the config file, as it allows changes in real time, if you change the config then this data will change instantly for any users that are online, where sessions would have to be set again every time it's changed. Always including a config may be easier than you think.
You can include a file using a path from your directory root, like this:
<?php
include_once $_SERVER['DOCUMENT_ROOT']."/path/to/config.php";
?>
Where the path should be from your document root, basically from the root of your project. A lot of the time people keep this file in their root, so if your config file is at http://example.com/config.php
using this include will load it from any php file in your project.
<?php
include_once $_SERVER['DOCUMENT_ROOT']."/config.php";
?>
Also, as Qirel mentioned:
The config should be stored outside the public folders - only accessible by the server (and not directly in the browser).
1 Comment
Qirel
Just a note,
include isn't a function, so the parenthesis isn't needed. Also the config should be stored outside the public folders - only accessible by the server (and not directly in the browser).
include_once $_SERVER["DOCUMENT_ROOT"].'/path/to/config', the path will start from the root folder of your project.