Should a PHP app store configuration data in defined constants or a database?

Question

I'm working on a PHP application and I keep going back-and-forth with myself over the best way to store configuration data (the type that might change occasionally, but probably not frequently). This includes mostly a lot of non-sensitive information like validity periods for certain tokens and cookies, or parameters for the various email messages the application sends, but it also includes a few more sensitive things like API keys.

1. Store it in a database table - This is the path I initially started going down, in part because I was imagining a handy administrative utility that would allow system admins to easily modify these values when necessary. But since most of the application pages need to access one or more of these values, it just feels like a lot of excess trips to the database, even if they are small, fast lookups.

2. Use defined constants - I also thought of just using defined constants and sticking the data in a .php file (outside the web root, of course). This would obviously avoid any database lookups, but somehow it feels similarly wasteful to define a few dozen constants on every page load when a given page will only need a handful of them at most.

Is one or the other (or something else altogether) recommended, whether it be for reasons of security, efficiency, or simply style?

Answer 1

I have seen larger systems that do both.

Store all the values in the database so that they can easily be administered, while also maintaining a php file of constants that are generated each time a value is changed in the backend.

If you are really worried about excess trips to the database, this is probably the route to go down.

Answer 2

Either option works it all depends on the product you are delivering. It's common in large applications that are distributed to multiple clients that you have an easy back-end that they can manage a lot of the configuration details in (such as vBulletins ACP). In other words, option 1 is more common due to the abstraction layer it provides (and for every reason you stated).