Best Practices for creating a PHP INI/CONFIG file and keep it secure

Question

I always used a normal PHP file and just defined the variables in that file, but is this considered best practice?

Example:

Answer 1

unless someone has access to your PHP source code that is secure.

however I would make sure the file is outside of the document root to prevent problems IF for some reason php gets turned off on the website and all of a sudden people can see the source of your files :).