Posted by Adrienne Boswell on 02/08/07 04:50

Gazing into my crystal ball I observed "Jonathan N. Little"
<lws4art@centralva.net> writing in
news:f1bac$45ca794c$40cba7a1$17728@NAXS.COM:

> Yes, can be, If the include is just static HTML it would be ok, but
> if there is any scripting one should use PHP to prevent looking at PHP
> source and only have the result visible. '.inc' many times is not
> registered on server could be accessed directly as plain text. Would
> be a bad thing if the include was the setup for accessing site's
> database, eh?
>
> -- database.inc --
><?php
> $user='admin';
> $password='verysecret';
> ...
>
>
>>
>> Is that true? (Maybe it's obvious I'm not a php user...)
>>
>
> So bottom line is if just plain HTML, sure call the include
> 'something.html', but if has anything sensitive, better to use
> 'something.php'
>
>

My naming convention is whatpart_inc.php or whatpart_inc.asp. I do this
because a) it saves me thinking time; b) using _inc, I can still do a
search based on file name; c) I very often include server side code in
my includes so, they still need that extension.

--
Adrienne Boswell at Home
Arbpen Web Site Design Services
http://www.cavalcade-of-coding.info
Please respond to the group so others can share

[Back to original message]