On production, you can set environment variables directly in your virtual host configuration or via your hosting control panel. For Apache:
config.php opened its eyes. It did not have complex algorithms or loops. It didn't process user data or render visuals. It was pure knowledge. Instantly, it shared its constants:
By decoupling application logic from environmental states, the script allows developers to rapidly deploy code adjustments without breaking core functionalities. Structural Design Patterns config.php
Your config.php reads from the environment using PHP's getenv() or a library like vlucas/phpdotenv . DB_HOST=127.0.0.1 DB_PASSWORD=super_secret_password Use code with caution. Example Modern config.php File:
Global constants (e.g., define('DB_HOST', 'localhost') ) cannot be namespaced or changed at runtime. They also pollute the global scope. Prefer returning an array. On production, you can set environment variables directly
Popularized by modern frameworks, this design isolates global definitions by preventing pollution of the global scope. It explicitly passes variables strictly to the script that demands them.
However, config.php is not without its pitfalls. A common mistake is to treat it as a dumping ground for application logic, business rules, or verbose arrays of unchanging data. This blurs the line between configuration and code, leading to a fragile system where a missing constant can crash the entire application. The principle of “configuration as data” should prevail: store credentials, environment flags, and service endpoints, but leave algorithms, class definitions, and complex conditionals to their proper place in the application’s core logic. Furthermore, version control presents a challenge. The config.php file often contains secrets, so it should never be committed to a public repository. Instead, developers commit a sample file— config.sample.php or config.default.php —and allow each developer or server to create its own private version. It didn't process user data or render visuals
chmod 600 config.php chown www-data:www-data config.php
Beyond security, config.php is the engine of environment abstraction. Modern development workflows rely on multiple environments: a developer’s local machine, a shared staging server, and the live production server. Each has different database hosts, error-reporting levels, and cache settings. A well-structured config.php can detect the current environment—often by checking the server name or an environment variable—and load the appropriate settings. For example, on a development machine, display_errors might be set to 1 to aid debugging, while on production, it is silenced to protect user experience and avoid leaking system information. This chameleon-like ability allows a single codebase to move seamlessly from laptop to cloud.
Your config.php file then acts safely as a read-only translation layer for those values:
What does your hosting platform run on (Apache, Nginx, LiteSpeed)?