> On 14-Jul-01 hassan el forkani wrote:
> > there should not be any problem if your web server is configured to parse
> > .inc extentions as PHP, in wich case, even if the file is called
> > separately, the server will strip php tags and send normal html output.
> >
> Enough already.
>  Whom should we flog and keel-haul for starting this include(foo.inc) crap ?!?

There is nothing wrong with naming include files with a separate
extension.  In fact it is more secure as long as you block access to files
with that extension.  Naming your include files with the .php extension
opens you up to possible out-of-context parsing security issues.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to