[thelist] Re: php include

j.d. welch so.there at showtunepink.com
Wed Jan 22 22:29:01 CST 2003


On Wednesday, January 22, 2003, at 08:26  PM, Cardenas, Daniel wrote:

> I don't think it matters- I think you can use .foo if you'd like...
> I use .inc or .txt, but .php should be fine too, although any php code
> in a
> file ending in .php would be executable. Could be a bad thing
> (passwords
> etc.)

true, but sometimes it's a good thing.  if you have an include file
with .php extension* that doesn't produce any output, say a small file
with variables for your mysql server/user/password values or a function
library (etc.), then loading it in the browser will just return a blank
page. however, a file with a random extension, say .foo, will (always?)
be displayed as plain text in the browser.  easy to fix, however, just
add this in an .htaccess to hide whatever your include files are called:

<Files "*.inc">
  Deny from all
</Files>

this returns a 403 error if any file ending in .inc is requested, but
does not interfere with php including the file as it parses the page.

fwiw,

-jd

(* assuming that .php files are the ones parsed by php...)

------------------------------------------------------------------
    J.D. Welch			|    so.there at showtunepink.com
    graphic designer    	|    http://www.showtunepink.com
    web developer       	|    https://kitschparade.ath.cx
------------------------------------------------------------------




More information about the thelist mailing list