J Smith wrote: > Also, if you're including a file named "CONFIG.inc" from the same directory > as the script itself, please, please tell me you have your web server set > up not to serve CONFIG.inc to the outside world. (i.e. you have a .htaccess > file or something to send DENY to a request for CONFIG.inc or something.) > Otherwise somebody could just grab http://example.com/CONFIG.inc and see > it's contents without restriction.
On that same topic, *why* do people name files with both .inc and .php? Your .inc file has PHP code in it, right? Why not just call it .php and spare the server reconfiguration. If knowing which files are "include" files (long time since I've made that distinction!) just prepend them with inc_ or put them all in an includes/ directory. You hit a raw nerve there J Smith. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
