It's always better to make sure that array key exists before calling it. filter_input is fine.

I'm not sure about the sanitization part, but I've always used getenv('TEST_STRIPE_KEY'). The function doesn't throw an error if the key is not set, unlike calling $_ENV directly.

Unless you are letting users set the ENVs, I don't see why any sanitization is necessary. Typically only you would be setting those and they would be hard coded in your config files or .env.php files.

For example, in app/config/app.php I have 'url' => getenv('app.url'),, the value of which is defined in /.env.local.php, and /.env.production.php.

Thanks for the replies. I like the getenv('key'), and the error goes away in NetBeans too.

Should we request that the official documentation be updated to suggest using getenv() instead of reading $_ENV directly?