Support the ongoing development of Laravel.io →
silverpaladin
posted 9 years ago
Configuration Security
Last updated 1 year ago.
0
kokokurak
replied 9 years ago

It's always better to make sure that array key exists before calling it. filter_input is fine.

Last updated 1 year ago.
0
jhauraw
replied 9 years ago

I'm not sure about the sanitization part, but I've always used getenv('TEST_STRIPE_KEY'). The function doesn't throw an error if the key is not set, unlike calling $_ENV directly.

Unless you are letting users set the ENVs, I don't see why any sanitization is necessary. Typically only you would be setting those and they would be hard coded in your config files or .env.php files.

For example, in app/config/app.php I have 'url' => getenv('app.url'),, the value of which is defined in /.env.local.php, and /.env.production.php.

Last updated 1 year ago.
0
silverpaladin
replied 9 years ago

Thanks for the replies. I like the getenv('key'), and the error goes away in NetBeans too.

Should we request that the official documentation be updated to suggest using getenv() instead of reading $_ENV directly?

Last updated 1 year ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

SilverPaladin silverpaladin Joined 1 Aug 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
Steadfast Collective
BairesDev
Remotely Works

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise