PHP: Identifying Production & Development Server

In this tutorial, we will show you how to check if your PHP application is running on a production server or a development server.

This can be very useful, as most websites have different configuration values for each environment.

For example:

  • The MySQL server on your local machine will probably have different connection details than the MySQL installation on your production server.
  • File paths can be different.
  • The URL of your app will be different.
  • Your development environment might not support some of the services that are present on your production server.

Here’s a basic example that attempts to solve this issue:

/**
 * Our example configuration file.
 */

//Is this the production server or not?
define('PRODUCTION', true);


//Set the site URL.
if(PRODUCTION){
    //The URL of our live website.
    define('SITE_URL', 'http://example.com');
} else{
    //The URL that we use in our development enviornment.
    define('SITE_URL', 'http://localhost/example/');
}

//MySQL details.
if(PRODUCTION){
    define('MYSQL_SERVER', 'my12.mysqlserver.example');
    define('MYSQL_USERNAME', 'mu_2337823');
    define('MYSQL_PASSWORD', 'sh73hdhIEO!ndgh3903');
    define('MYSQL_DATABASE', 'db_273HSJ');
} else{
    define('MYSQL_SERVER', 'localhost');
    define('MYSQL_USERNAME', 'root');
    define('MYSQL_PASSWORD', '');
    define('MYSQL_DATABASE', 'my_db');
}

This is useful because it is generally a bad idea to be editing configuration values before you deploy your code to the production server. Not only will you have to change them back at some point, there’s also the chance that you might make a mistake.

In the code above, we only have to change one setting. This drastically reduces our chances of messing something up.

In other tutorials, I’ve seen people using code that sets the PRODUCTION constant to FALSE if the value of HTTP_HOST is equal to “localhost”.

I mean, it looks simple and straight-forward, right?

//Is this the production server or not?
if($_SERVER['HTTP_HOST'] == 'localhost'){
    define('PRODUCTION', false);
} else{
    define('PRODUCTION', true);
}

Although the above PHP code looks like it might be a good solution, it really isn’t.

This is because the client can change HTTP_HOST to any value that it wants to.

In other words, a malicious attacker could change HTTP_HOST to “localhost”. If that happens, they will be able to fool your application into thinking that it is running in a development environment.

This opens up the risk that they might gain access to debug information.

A better solution is to use environment variables.

For example, on both Windows and Linux, you can create an environment variable on your local machine.

Then, you can check to see if that variable exists:

//Is this the production server or not?
if(isset($_ENV['DEV_ENVIORNMENT'])){
    define('PRODUCTION', false);
} else{
    define('PRODUCTION', true);
}

Hopefully, you found this guide to be helpful!