Menu
Community /Pin to ProfileBookmark
@NogDogNov 11.2007 — #None that I know of. If anything, they should be more secure than variables since once they are set, they can not be changed.
But perhaps you should consider a "config" class with each of those values as class constants:
@NogDogNov 11.2007 — #I was visualizing the configuration constants just being in a separate class, which could then be require_once()'ed with any file that needs access to them; but there is no particular reason they could not exist in any desired class. Also, if the value needs to be modifiable, you specify it as [b]static[/b] instead of [b]const[/b]. In either case, they must be referenced as [b]ClassName::constant_name[/b] rather than via [b]objectName->constant_name[/b].
On a related (?) note, you might want to consider defining your database class as a "singleton" class (see[url=http://www.php.net/manual/en/language.oop5.patterns.php]Patterns[/url] ). Then once that class is instantiated as an object in any object, all further attempts to instantiate it actually get a copy of the same database object.
Are there any security issues with constants?
In my config file I currently have an array containing all the values/settings required for the site/system.
This becomes a pain with OO as i ma always having to pass these into objects/functions.
Are there any security issues with using constants to store DB connection values etc…?
Sign in
to post a comment3 Comments(s) ↴
0
@NogDogNov 11.2007 — #None that I know of. If anything, they should be more secure than variables since once they are set, they can not be changed.But perhaps you should consider a "config" class with each of those values as class constants:
[code=php]<?php
class Config
{
const constant_name = 'some value';
}
class Example
{
function getConstant()
{
return Config::constant_name;
}
}
$test = new Example();
echo $test->getConstant(); // outputs "some value"
?>
[/code]0
@NogDogNov 11.2007 — #I was visualizing the configuration constants just being in a separate class, which could then be require_once()'ed with any file that needs access to them; but there is no particular reason they could not exist in any desired class. Also, if the value needs to be modifiable, you specify it as [b]static[/b] instead of [b]const[/b]. In either case, they must be referenced as [b]ClassName::constant_name[/b] rather than via [b]objectName->constant_name[/b].On a related (?) note, you might want to consider defining your database class as a "singleton" class (see