PHPMaker does not automatically know your production database connection settings. You must configure them manually for production deployment.
1. Generated Environment Files
When you generate your project, PHPMaker creates two local environment files:
| File | Purpose | Default Contents |
|---|---|---|
.env.dev.local |
Development connection info | From your development environment |
.env.prod.local |
Production connection info | Initially same as .env.dev.local |
Both files contain your development connection info by default.
You must update .env.prod.local with your production database info.
2. Example: Production Connection Info
Edit .env.prod.local and set your production database credentials:
DB_DRIVER=pdo_mysql
DB_HOST=localhost
DB_PORT=3306
DB_DBNAME=demo2026
DB_USER=root
DB_PASSWORD=your_password
DB_CHARSET=utf8mb4
These values are examples only. Replace them with your real production settings.
3. Preventing Overwrites
If you have modified and do not want .env.prod.local to be overwritten when you regenerate the project:
- Disable the Advanced Setting: Generate .env.prod.local
This setting tells PHPMaker whether to generate the file during future generations.
4. Keep It Private
Do not commit .env.prod.local to any public Git repository (for example GitHub, GitLab, or Bitbucket).
It contains sensitive credentials.
5. Alternative: Set Connection in Database_Connecting Event
You can also set your production connection dynamically in the Database_Connecting server event, e.g.
public function Database_Connecting(array &$info): void
{
if (getenv('APP_ENV') === 'prod') {
$info["driver"] = "pdo_mysql";
$info["host"] = "localhost";
$info["port"] = 3306;
$info["user"] = "root";
$info["password"] = "your_password";
$info["dbname"] = "demo2026";
$info["charset"] = "utf8mb4";
}
}
Warning: Do not commit your project file (.pmp) containing credentials to any public repository.
6. Encrypting Secrets (Recommended)
You can also enable the Advanced Setting Encrypt secrets.
- This encrypts sensitive values (like passwords) in
.env.prod.local. - Then you can safely commit
.env.prod.localto version control.
However:
- Do NOT commit
config/secrets/prod/prod.decrypt.private.php - That file must stay only on your production server (used to decrypt secrets).
7. Most Secure Method: Use Environment Variables
The safest and most flexible method is to set environment variables on your production server and use them in your server event:
public function Database_Connecting(array &$info): void
{
if (getenv('APP_ENV') === 'prod') {
$info["driver"] = getenv("DB_DRIVER");
$info["host"] = getenv("DB_HOST");
$info["port"] = getenv("DB_PORT");
$info["user"] = getenv("DB_USER");
$info["password"] = getenv("DB_PASSWORD");
$info["dbname"] = getenv("DB_DBNAME");
$info["charset"] = getenv("DB_CHARSET");
}
}
Then credentials never appear in your project files or repository.
Example: Apache Virtual Host Configuration
If you use Apache, you can define environment variables directly in your site configuration file:
<VirtualHost *:80>
ServerName demo2026.example.com
DocumentRoot /var/www/demo2026/public
SetEnv DB_DRIVER pdo_mysql
SetEnv DB_HOST localhost
SetEnv DB_PORT 3306
SetEnv DB_DBNAME demo2026
SetEnv DB_USER root
SetEnv DB_PASSWORD your_password
SetEnv DB_CHARSET utf8mb4
<Directory /var/www/demo2026/public>
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
After saving the file, reload Apache to apply the settings: (Assume Linux here)
sudo systemctl reload apache2
These variables will then be available to your PHP application through getenv().
Summary
| Method | Security | Prevent Overwrite | Recommended |
|---|---|---|---|
.env.prod.local |
Medium | Yes (with advanced setting) | Good |
Database_Connecting event |
Medium | Yes | Good |
| Encrypted secrets | High | Yes | Better |
| Environment variables | Very High | Yes | Best Practice |