Best practices when using XML for PHP configuration?

Question

I was planning to use an XML document to store configuration for my next PHP project, in a format similar to ASP.NET Web.Config files. Just two concerns:

1. Cannot be served to the browser.
2. Must be viable in shared hosting.

The best way I could think to prevent it from being served is to change the filetype to PHP and add the following comment:

<?xml version="1.0" ?>
<!-- <?php if(!defined('FW_LOADED')){ exit; } ?> -->
<configuration>
....
</configuration>

This is working fine, but I don't feel like it is the best solution.

Has anybody else used XML to store configuration for a PHP project? What are some good alternate solutions (instead of putting a comment at the beginning of the file which exits the script if a constant is not defined)?

---

Update:

Changed the question title to better reflect what I'm looking for. Sorry for the misleading original question title. Using XML for configuration is not the question. I am asking for the best practices when using XML for configuration. Please stop suggesting that I use arrays or INI files...

I want the config file to be as easy as possible to use, even for non php developers. I chose XML because it is language neutral. I am already using SimpleXML to parse the config (partially). I am also not worried about compiling or making it faster because that can be achieved using memcached or other utilities.

The best solutions so far are:

• Moving it out of web root.
  • Possible, but would like to keep the config as close as possible to the application.
• Using htaccess to hide the config file.
  • I don't want to risk the chance that someone breaks the .htaccess file, leaving the config file exposed.

I would like to hear from someone who has experience using XML for configuration settings in an application, and how they prevent the config file from being served.

Answer 1

This is what I usually do for config files - actually, this is more of the basic setup, usually it's wrapped in custom class that combines multiple config files into a single config object:

config.php:

return array(
 'config1'=> 'config1value',
 'config2'=> 'config2value',
);

some_page.php:

$config= include('config.php');
if ($config['config1'])
 ...

The config is stored as a PHP array in a PHP file file, so it is parsed by the PHP engine and never returned to the browser. (You can protect the config files further by storing them outside the web root, setting a mod_rewrite rule to prevent serving config files/directories, etc.)

Storing configuration info in an XML file adds the overhead of parsing an XML file to every request. Database storage of advanced configuration data is nice, but also costly (obviously, the database won't be storing your database connection info, so you'll still need a config solution for some basic info). Config data is usually very static (written rarely / read every request), so it's ripe caching via memcached or other cache schemes.