John W. Holmes <mailto:[EMAIL PROTECTED]>
on Friday, May 28, 2004 11:25 PM said:
> You're right. Option 2 offers more security in that no one will ever
> be able to reach the file directly with a web browser. You don't need
> to use file() or file_get_contents(), though... A simple
> include('../includes/db.inc'); wil work (where ../ takes you outside
> of the webroot and into an includes/ directory for the db.inc file).
> Or use an absolute path include('/home/user/includes/db.inc'); where
> /home/user/www/ is your webroot (for example).
how about just calling 'db.php' so that when someone does request it via
a web browser it will be parsed and end up not sending any data to the
client?
chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
