|
|
Posted by C. on 10/12/07 10:22
On 11 Oct, 23:23, Michael Fesser <neti...@gmx.de> wrote:
> .oO(David Basford)
>
> >I learned php as I went along (I'm a C programmer in my job which made it
> >easdy though this is a non-financial hobby enterprise)
> >I'd followed what I read and used .INC files to hold important info like
> >usernames and passwords for the different access levels that different pages
> >might use.
>
> >Isn't that rubbish?
> >shouldn't these pages be .PHP files you require_once ?
>
> Not necessarily.
>
8<
>
> Such files don't belong to the document root. They should be stored
> outside of it, so that they are not accessible by a URL at all.
>
8<
> _Never_ make such files available via a URL.
8<
>
> RTFM again. 'include/once' and 'require/once' do the same, the only
> difference is the error handling if a file can't be found.
>
Mostly agreed, althuogh cheap and nasty hosting doesn't always allow
an include directory outside the document root. Possible solutions
include:
naming files so that they are not served up - typically anything
beginning '.ht' - but this is a bit of hack
having only function/class definitions in include files and naming
them as .php (where I've set up style guides, I always use .inc.php
for include files, regardless of location)
C.
Navigation:
[Reply to this message]
|