Posted by Ian Hobson on 10/11/07 21:30

David Basford wrote:

> I'd followed what I read and used .INC files to hold important info like
> usernames and passwords for the different access levels that different pages
> might use.
>
> Isn't that rubbish?
> shouldn't these pages be .PHP files you require_once ?
>
In my opinion you are right - you should include or require .php files,
so that their content is harder for a hacker to see. The downside is
that it is not clear which .php files are properly executable and which
are not.

Both the require and include commands will process any file name you
care to give it, so both .inc and .php work just fine.

One gives an error message if the file is missing, and the other causes
the processing to die. IIRC include errors, and require dies.

The include_once and require_once are useful in shared files that may be
called in by more than one included/required file. They ensure that the
content is processed once even if there are multiple calls.

Regards

Ian

[Back to original message]