Ashley Sheridan wrote:
Just thought I'd point out that it's recommended against giving non-php
extensions to PHP code pages. Basically, making all of your include
files .inc without the server correctly configured to recognise all .inc
files as PHP files, you are opening yourself up to possible hacks where
people put the URL of your include directly in their browser and view
all your code. Best thing is usually to name files like this:
filename.inc.php or some-such, and not filename.inc.


v well said - one thing you never want is your source showing!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to