Posted by David Basford on 10/11/07 21:15

I'm relatively new to php and mysql and this hosting thing
I have written a site that will be big- and am making it open source so it
will be bigger (I'm guessing mine and other sites will have 5-10k regular
users). So security would be nice :)

I learned php as I went along (I'm a C programmer in my job which made it
easdy though this is a non-financial hobby enterprise)
I'd followed what I read and used .INC files to hold important info like
usernames and passwords for the different access levels that different pages
might use.

Isn't that rubbish?
shouldn't these pages be .PHP files you require_once ?

if a site user looks for http://www.mysite.com/inky.inc he will sometimes
get to see the contents including all the php stuff (I've not mastered all
my permissions yet - and I know I need to work on that) but if he/she tries
http://www.mysite.com/inky.php the content would be whatever non-php was in
that file.

Is my assumption correct?
I need to make a generic file which is referenced to.
It will (presently) contain information about other files (presently .inc
files) that contain password and user information

If I didn't explain well, let me know

Any ideas - is it Ok to change to 'require_once' ? It certainly seems safer
than 'include'

Thanks

[Back to original message]