Simplest way to parameterize/configure php application | human friendly data serialization

Question

When development time matters, all that others can help is a goal. My PHP app is now parameterized & configured with an include file that contains an array in the form:

$config = array(
   'company'            => 'BMC' ,       // the visible company name
   'aplicable_tax'      => .21   ,       // the IVA tax
   'context_arr'        => array(
        'case1'             =>    12,    // the defalul value
        'case2'             =>    13,
        'case3'             =>    14
                           ),
   'EN_welcome_text'       => 'hello',   // do NOT translate on regionalization

   // xx comparation matrix
   'xx_maxref'=> 5,
   'xx_range' => array( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9),
   'xx_comp'  => array( 
    //  V Other V  > I >>   0, 1, 2, 3, 4, 5, 6, 7, 8, 9
        /*  0 */     array( 0, 3, 5, 5, 5, 5, 5, 5, 5, 5),
        /*  1 */     array(-3, 0, 3, 5, 5, 5, 5, 5, 5, 5),
        /*  2 */     array(-5,-3, 0, 3, 5, 5, 5, 5, 5, 5),
        /*  3 */     array(-5,-5,-3, 0, 3, 5, 5, 5, 5, 5),
        /*  4 */     array(-5,-5,-5,-3, 0, 3, 5, 5, 5, 5),
        /*  5 */     array(-5,-5,-5,-5,-3, 0, 3, 5, 5, 5),
        /*  6 */     array(-5,-5,-5,-5,-5,-3, 0, 3, 5, 5),
        /*  7 */     array(-5,-5,-5,-5,-5,-5,-3, 0, 3, 5),
        /*  8 */     array(-5,-5,-5,-5,-5,-5,-5,-3, 0, 3),
        /*  9 */     array(-5,-5,-5,-5,-5,-5,-5,-5,-3, 0),
),


// and so on
// and so on
// and so on
)

But this approach is insecure, because any allowed editor can inject PHP code or errors.

My Questions:

• Can you suggest a simple and flexible format to give three party a way to parameterize a PHP app?
• Is there a conversion script from that format into a PHP?

Answer 1

Your spec regarding security from a third-party breaking the code can not be achieved if the third-party has access to the code.

The solutions provided so far all have limitations that in my opinion break more imporatant items of your spec - flexibility and maintainability.

• Database Solution may separate the configuration options from the code, but you lose flexibility of format (e.g. comments, complex data types) and increase complexity losing maintainability. Furthermore, if a developer has access to the code, they could simply overwrite the configurations options.
• Encoding Solution - this includes JSON, Serialization, and INI - same problems the Database Solution. Limited to the format of the encoding. Added a layer of complexity. Developer with project access can still overwrite the configuration options.
• Database + Encoding Solution contains all the same problems.

I reiterate - if you can access the code, you can break the code. A PHP config file is a very common way to configure your project. If you don't trust developers with it, don't give them access. Don't obfuscate the code and sacrifice maintainability.

UPDATE REGARDING PHP CONFIG FILE

If you are requesting an answer for the simplest way to configure a PHP application, the that would be an INI file. PHP's core configuration comes from such files. It's format offers all the syntax you require - comments, arrays, etc. It can be parsed with a native function - parse_ini_file(). If you are concerned about security/access, as noted above, you can exclude it from the project or keep it in a separate location. Conversely, if you want to allow someone to configure the app without access to the code, they could simply edit the INI file.

UPDATE REGARDING nD Arrays

While it is true parse_ini_file() does not support multidimensional arrays, you can combine sections with arrays to provide more complex configuration. Anything beyond that, in my opinion, is dangerously close to flat data file - not a configuration file - and belongs elsewhere (i.e. database).

Answer 2

A great alternative to XML is YAML. YAML's syntax is light and easy to read/write for anybody. Another great point is that YAML makes a difference between hashes and arrays. I recommend you the symfony stand-alone component : http://fabien.potencier.org/article/40/the-state-of-yaml-in-php

your file would look like :

company: BMC         #the visible company name
aplicable_tax: 0.21  #the IVA tax
context_arr:
    case1: 12       #the defalul value
    case2: 13
    case3: 14
EN_welcome_text: hello #do NOT translate on regionalization

#xx comparation matrix
xx_maxref: 5
xx_range: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 ]
xx_comp:
# V Other V  > I >>   0, 1, 2, 3, 4, 5, 6, 7, 8, 9
    -[  0, 3, 5, 5, 5, 5, 5, 5, 5, 5 ] # [ 0 ]
    -[ -3, 0, 3, 5, 5, 5, 5, 5, 5, 5 ] # [ 1 ]
    -[ -5,-3, 0, 3, 5, 5, 5, 5, 5, 5 ] # [ 2 ]
    -[ -5,-5,-3, 0, 3, 5, 5, 5, 5, 5 ] # [ 3 ]
    -[ -5,-5,-5,-3, 0, 3, 5, 5, 5, 5 ] # [ 4 ]
    -[ -5,-5,-5,-5,-3, 0, 3, 5, 5, 5 ] # [ 5 ]
    -[ -5,-5,-5,-5,-5,-3, 0, 3, 5, 5 ] # [ 6 ]
    -[ -5,-5,-5,-5,-5,-5,-3, 0, 3, 5 ] # [ 7 ]
    -[ -5,-5,-5,-5,-5,-5,-5,-3, 0, 3 ] # [ 8 ]
    -[ -5,-5,-5,-5,-5,-5,-5,-5,-3, 0 ] # [ 9 ]

YAML has all XML advantage and even more.

Answer 3

I find the easiest and most flexible format to be JSON using PHPs built in json_encode and json_decode. Your configuration array then looks like this:

{
    "company" : "BMC",
    "aplicable_tax" : 0.21,
    "context_arr" :
    {
        "case1" : 12,
        "case2" : 13,
        "case3" : 14
    },
    "EN_welcome_text" : "hello"
}

The advantage is, that you can also store the configuration somewhere else (e.g. a database) and don't have to give users direct access to the filesystem.