Using the PHP Function Putenv
The php function putenv allows you to set new environment variables that are only available for the duration of your script. This is useful if you need to change a value in your application but don’t want to change the values in config files or set them via the $_ENV superglobal array or other methods that could be dumped by attackers.
This is also a good way to make sure that your config files can be read by other processes such as the web server, FastCGI or SAPI. You can also use the php function getenv to retrieve environment variables but it is only a good idea if your config file is stored outside of your document root or you can ensure that the directory where your config files are located (such as gisbase, location and mapsets) has write permission for the account under which your script runs or at least for the apache group www-data.
You should always be wary of using the php function putenv, especially when it is used in conjunction with config files as these can be easily dumped by attackers. Whether the data is coming from your web server configuration, PHP’s Superglobals or the OS / container environment – it should be filtered and validated just like any other external data that comes into your application.
It is worth noting that the php function putenv only works if you have safe_mode enabled. This is because the comma-delimited list of environment variables that you specify in the putenv() function can only be changed when you are running a PHP script that is running in safe_mode. This is in contrast to the php function getenv which returns all of the environment variables regardless of whether you are in safe mode or not.