"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
> Steve Yates wrote:
> >If you name them *.php then put anything in them inside a function, then
> >when the user browses to that file he/she won't see anything at all.
> >
> I think this is a very poor tactic, because it "covers up" the problem
> rather than doing anything about it.
> It's much better to properly name your included files *.inc as suggested
> by Mr. French and either:
> 1. don't put them under document root (my preference)
> or:
> 2. configure your Web server to not allow access to .inc files

    I guess I wasn't trying to say that my suggestion was a complete
solution, but one thing to consider.  For instance, what happens if the
.htaccess file is accidentally deleted?  Then there's no protection.  Or say
the host upgrades PHP or Apache and for whatever reason PHP files aren't
being parsed?  Then my suggestion doesn't solve things (but moving them
outside the htdocs structure will, if available as an option).

    Is there an advantage to not putting code in included files inside
functions?  I wasn't sure if you were critiquing that part of my suggestion

 - Steve Yates
 - Edit. Assemble. Link. Run. Curse. Boot.

/ Taglines by Taglinator - www.srtware.com /

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to