Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialMartin Ulč
15,396 PointsEnvironmental Variables and webhosting providers, security risk!!!
I would have one question for everyone. Why I should use environmental variables when most webhosting providers has putenv() on disable_functions list?
When I install phpdotenv, add all the necessary things to autoload.php, create .env file with variables like SECRET_KEY and use getenv('SECRET_KEY') I can't get any result.. then I found out, my webhosting provider has putenv() in disable_functions list. There is no point to use this then or am I wrong?
INTERESTING: When I use $_ENV['SECRET_KEY'] instead of getenv('SECRET_KEY') it returns my SECRET KEY.
Could someone help me with this issue? I'm trying to secure my website with administration things from these videos like (decodeJwt(), isAuthorized() functions etc.)
1 Answer
Alena Holligan
Treehouse Teacher.env files are primarily for development. On a production server, you can set environment variables on the server and not through code. Ask your hosting provider how you set environment variables. You could still use the package for reading and specifying required environment variables. Check the details in this video https://teamtreehouse.com/library/additional-considerations?t=261