I appreciate your advice, but it would not really apply to my structure
... because of the amount of files I use, I've got seperate include
folders for each section ... otherwise I'd get all weird in the head
trying to remember which files go where.

Basically it's the site in my sig that I'm converting to PHP, with a few
minor changes, made (easily) possible by the PHP. My first concern is to
make the site without a frameset, and without requiring any scripting
clientside. Once launched, I'll be looking into improving the site as much
as possible...taking as much advantage of PHP as possible ... but again, I
don't know the full extent of my options until I've gotten my webhotel...

How'd anyone be able to pull out my PHP source anyway? Since it's an http
server, it'll only respond to http requests, and since php is processed
upon request, the enitre source will be altered to just html ... don't get
that ... atleast the way I do it, the path to the included files is
hidden, 'cause it's all variable controlled ... it just plugs together the
variable with some path parts, directly in the include(...).

So for anyone to pull the includes, they'll need to know the exact path to
them, in order to retrieve them, right?


On Sat, 28 Sep 2002 18:52:47 -0400, <John W. Holmes> wrote about "RE:
[PHP] Newbie Q: Any difference what the .ext is on include() files???"
something that looked like this:

>The only thing to worry about is that if someone pulls up your include
>file, they're likely to see it as plain text and all of the code within
>it will be visible. If there is no PHP code within the file, or the PHP
>code is irrelevant (no passwords, logic, etc), then it doesn't matter. 
>I normally name my include files as file.inc.php. But (there is always a
>but) you have to remember that this file can be run out of context now,
>and all of the PHP code within it will be evaluated. It may or may not
>matter, but it's something to stay aware of. 
>A third option is to place them in an .htaccess protected directory or
>add a rule that .inc or .psrc files can't be called up through the
>browser (deny all). Depending on your web server, this may or may not be
>The safest and best method to using includes is to store them outside of
>the webroot, so they can't be called by the browser at all. An easy way
>to do this is to define to variables, the html path, and the include
>$_CONF['html'] = '/home/groups/user/htdocs/';
>$_CONF['include'] = '/home/groups/user/includes/';
>And then base all of your include(), fopen(), header(), href, etc, off
>of those two variables. Makes moving your sites very easy, too, just
>change the values of those variables...

Rene Brehmer
System developer in the making...

This message was written on 100% recycled spam.

My website: http://www.geocities.com/cerberus_hotdog
Babes and computer & internet references...

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to