Saving database details in database.php instead of .env in laravel 5

@nitishdola .env isn't (or shouldn't!!!!) be accessible from your website as a direct path (it isn't by default).

The only files you can directly access as part of your URI are whatever's within the 'public' directory, everything else is safe.

If you really want to do this, the following should work (untested):

'mysql' => [
    'driver'    => 'mysql',
    'host'      => 'localhost',
    'database'  => 'database_name',
    'username'  => 'db_username',
    'password'  => 'my_secret_passwd',
    'charset'   => 'utf8',
    'collation' => 'utf8_unicode_ci',
    'prefix'    => '',
    'strict'    => false,
],

Notice that the 'env()' call has completely been replaced by a simple string. This should prevent anything from being read from the .env file.

Cheers..

Ian

EDIT: Alternatively, removing the DB_* lines completely from your .env file should then use the defaults (second param in the env() calls).

To further expand on what Ian was saying, the reason for the .env file is as follows:

Say you package up your application and pass it on for use on another server environment, you have to send your database.php file for the system to work. This means they have access to the credentials / information you used on your end.

However, if you have a .env file, you can just ignore that file, and the user on the other end can create their own env file, everything will work!

@taijuten That's a good point, and another I didn't think of at the time, .env should also be added to your VCS ignore file (eg: .gitignore) so that those kind of credentials aren't stored in the repository (and is probably likely to be different in different environments; dev, staging, production, etc), but the database.php file should be (and probably won't change across environments either) as it's a core component of the application.

Cheers..

Ian

EDIT: Oops!! Sounds like I've just reworded the point you were making.... time for another trip to the coffee machine I think! ;D