Apart from unfortunately placed ?> 's or " 's this is possible.

A very common mistake is not to register all of your php file extensions with apache.

I've seen a number of sites for example that didn't have the .inc extension registered,
include() doesn't care about that, but if your includes are under the document root of 
website  (that happens a lot too, i don't know why ?) and you specify the exact name 
the include in your browser (or worse, the directory is browsable from the web), the 
will default to text/plain content and display the source. Bad thing since includes 
usually contain
passwords and stuff.


On Wed, 16 Jan 2002 13:19:20 -0800, Richard Baskett wrote:

>PHP is a server side language so the PHP engine parses all the php code in
>your webpage and then spits out html code.  So when surfing through a
>website that uses PHP you will never see PHP code unless of course you
>screwed up and echoed the data :)
>"How wonderful it is that nobody need wait a single moment to improve the
>world." - Anne Frank
>> From: "Phil Schwarzmann" <[EMAIL PROTECTED]>
>> Date: Wed, 16 Jan 2002 16:03:45 -0500
>> Subject: [PHP] PHP Security - "view source code"
>> How easy/hard is it to view the PHP source code when you're at website?
>> I noticed when I was using Internet Explorer, if I pressed "view
>> source"...it would show the HTML but not the PHP.
>> -Phil
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to