Does it make any difference if you include (include/require/include_once/require_once) files with extension ".inc" or ".php"?
It makes no difference as far as PHP is concerned. You're just telling PHP what file to load.
However, .inc files are generally served up as plain text if requested on their own. This means that anyone can view the PHP code (and possibly passwords?) they contain.
So many people will just name them with a .php extension so nothing is returned to the user. This has it's own set of problems because now the files can be run out of context. Depending on your application, this could be a big issue; what if they could bypass your security measures by requesting files on their own?
This is a fairly frequently asked question and the number one suggestion is always to place the files outside of your web root so they can not be requested through a browser at all. PHP can still include them, you just have to provide the correct path. Then you can give them any extension you want.
This isn't always possible or ideal, though and then you have to resort to either naming them with .php extensions (and being aware of the issue discussed above) or relying on an .htaccess file to deny access to any .inc files (so people cannot view/run them out of context). .htaccess is not an entirely portable solution, though, so you have to take that into consideration also.
Good luck with your decision. I personally use .inc.php (for visual reference of which ones are include files) and stay aware of what could happen if these files are run out of context.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
