2016-10-23 20:52
浏览 83


I have a class where I want to use an API, and I've got the api keys in a separate file in another directory.

The api key file is literally as simple as this:

$id = 'xxxxxxx';
$key = 'xxxxxxx';

This doesn't work:

include '/path/to/file-with-api-keys.php';

class MyApiClass {
    public function __construct($id, $token) {
        $this->client = new Client($id, $token);

The code where I instantiate the class is in another php file I'm using to test, and it's extremely simple, just includes the class and then instantiates it:

include '/path/to/MyClass.php';

$result = new MyClass();

echo $result;

The error I get is basically saying the 2 variables are null.


1) How can I access the value of the variables in my constructor? I've read elsewhere that using an include file directly in the method is bad practice, and also that using a global variable would be bad practice as well.

2) Somewhat related question, these files where I'm storing the api keys are in the same directory with my database connection details, but the directory is not outside the root. In this directory I have an .htaccess file with "Deny From All". Is this sufficient from a security standpoint, or should I do something else?

ok 3 questions...

3) Should I even bother keeping the api keys in separate files within this directory or just embed them into my class?

Hoping someone can give me best practices here. Thanks!

图片转代码服务由CSDN问答提供 功能建议

我有一个我想要使用API​​的类,我在一个单独的文件中有api键 在另一个目录中。


  $ id ='xxxxxxx'; 
 $  key ='xxxxxxx'; 


  include'/ path / to /  file-with-api-keys.php'; 
class MyApiClass {
 public function __construct($ id,$ token){
 $ this-> client = new Client($ id,$ token); \  n} 

我实例化该类的代码是在我用来测试的另一个php文件中,它非常简单,只包括该类 然后实例化它:

  include' / path / to / MyClass.php'; 
nnnresresult = new MyClass(); 
 $ result->  myMethod(); 
echo $ result; 

我得到的错误基本上是说2个变量为空。 < p> 两个问题:

1)如何在我的constr中访问变量的值 uctor? 我在其他地方读过,直接在方法中使用包含文件是不好的做法,并且使用全局变量也是不好的做法。

2)有些相关的问题,这些 我存储api密钥的文件与我的数据库连接详细信息位于同一目录中,但该目录不在根目录之外。 在这个目录中,我有一个带有“全部拒绝”的.htaccess文件。 从安全的角度来看,这是否足够,或者我应该做些什么呢?


3)我是否应该将api密钥保存在此目录中的单独文件中,或者只是将它们嵌入到我的目录中 类?

希望有人能在这里给我最好的实践。 谢谢!

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • duanfaxin7014 2016-10-23 21:16
    1. The constructor won't read the variables from file-with-api-keys.php automagically. You must specify them like this when instantiating the class: $result = new MyClass($id, $key);

    2. The best practice is to store all your PHP scripts outside the webroot directory except index.php (aka front controller).

    3. Yes, you should bother :) All configuration, API keys etc. should be stored in separate files, outside your classes code. You shouldn't mix these two things. If you're going to use some version control system like Git, then you're going to commit your classes code without any configuration details. The latter will be in your .gitignore file. If you ever work in a team of programmers, then every one of them is going to have his separate configuration files.

    打赏 评论

相关推荐 更多相似问题