I place name all my included files *.inc... I place them all in a folder
/inc/ and place a .htaccess file in that directory to restrict the files
being served of HTTP:

<Files ~ "\.inc$">
    Order Allow,Deny
    Deny from all

Another option would be to place them in a folder ABOVE your web root, so
that Apache can't serve them -- if you have that option.

This does a few things for me:

1. I know that all *.php files are intended to be served direct to the user
through a web browser, and I know that all .inc files are code fragments,
not intended to be run out of context.

2. As long as Apache is configured properly, no one will see any passwords n



on 22/09/02 11:55 AM, Chuck PUP Payne ([EMAIL PROTECTED]) wrote:

> Hi,
> I have a question. I been working a personal project that I am want to make
> a like simpler. I have several pages have in which I have place the
> information to connect to my database, whick is getting old.
> What I am wanting to do is create file like most do, a config, but I want to
> know which is better, config.php or config.inc. I know there not much
> different from what I have read but I am wanting to know which gives more
> protection. And what recommendation would you give on set it up? I am only
> asking because I am at some point wanting to release my project to public.
> Chuck Payne
> Magi Design and Support

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to