Support the ongoing development of Laravel.io →
silverpaladin
posted 10 years ago
Configuration Security
Last updated 2 years ago.
0
kokokurak
replied 10 years ago

It's always better to make sure that array key exists before calling it. filter_input is fine.

Last updated 2 years ago.
0
jhauraw
replied 10 years ago

I'm not sure about the sanitization part, but I've always used getenv('TEST_STRIPE_KEY'). The function doesn't throw an error if the key is not set, unlike calling $_ENV directly.

Unless you are letting users set the ENVs, I don't see why any sanitization is necessary. Typically only you would be setting those and they would be hard coded in your config files or .env.php files.

For example, in app/config/app.php I have 'url' => getenv('app.url'),, the value of which is defined in /.env.local.php, and /.env.production.php.

Last updated 2 years ago.
0
silverpaladin
replied 10 years ago

Thanks for the replies. I like the getenv('key'), and the error goes away in NetBeans too.

Should we request that the official documentation be updated to suggest using getenv() instead of reading $_ENV directly?

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

SilverPaladin silverpaladin Joined 1 Aug 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
BairesDev
Remotely Works
Dotcom-monitor
N-iX

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise