John W. Holmes <mailto:[EMAIL PROTECTED]> on Friday, May 28, 2004 11:25 PM said:
> You're right. Option 2 offers more security in that no one will ever > be able to reach the file directly with a web browser. You don't need > to use file() or file_get_contents(), though... A simple > include('../includes/db.inc'); wil work (where ../ takes you outside > of the webroot and into an includes/ directory for the db.inc file). > Or use an absolute path include('/home/user/includes/db.inc'); where > /home/user/www/ is your webroot (for example). how about just calling 'db.php' so that when someone does request it via a web browser it will be parsed and end up not sending any data to the client? chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php