PHP18 min readEnvironment Variables in PHP (No More Hardcoded Secrets)
Store DB credentials and API keys safely using environment variables and .env files.
Hardcoding secrets in code is risky and painful for multi-environment deployments. Better: - use environment variables - optionally load a .env file locally (never commit it) ## Example using getenv() ```php $dbHost = getenv("DB_HOST") ?: "localhost"; $dbName = getenv("DB_NAME") ?: "app"; $dbUser = getenv("DB_USER") ?: "root"; $dbPass = getenv("DB_PASS") ?: ""; ``` ## .env approach (common) Many projects use a library (like vlucas/phpdotenv) to load .env into getenv(). ## Best practice checklist - .env in local/dev only - production uses server environment variables - never commit secrets to git - rotate keys if leaked > Next: Image processing basics, resize uploads safely.