OK... Let me explain a couple things...
> On Wed, June 1, 2005 1:29 am, Denis Gerasimov said:
> > Second, which way are you differ PHP .inc files from HTML .inc files?
>
> There is no such thing as an HTML .inc file. :-)
I see what you mean... but I use templating systems to separate code from
design, so I have to differ "PHP .inc" files from "HTML .inc" files ;-)
>
> All your HTML .inc files, by definition, if they are being require'd or
> include'd into PHP *are* PHP .inc files.
>
> It is merely a coincidence of your design that they happen to have no
> <?php ?> tags in them.
>
> You *MAY* want to separate those into another other non-web tree
> directory.
Of course, I do. My WWW root contains just a couple of files (like
application.php, robots.txt, favicon.ico etc.). All other included files are
stored outside document root.
>
> > Third, I always write context-independent include files.
>
> Example?...
Example something.inc.php:
<?php
define('DIR_SOMEDIR', DIR_ROOT . '/somedir/');
function someFunc($num) {
return $num / 2;
}
class MyClass {
var $_someVar;
}
?>
Get me? :-)
>
> You *NEED* to have the policy/procedure in place to get those .inc and
> .inc.php and non-entry .php files *OUT* of the web-tree, or you will get
> bit, sooner or later.
>
> For 5 minutes of time, you can avoid dozens of potential pitfalls. [shrug]
>
Agree completely. So what I meant is .inc.php is *not* a security measure,
but just a way to make my life more comfortable.
But seems that that is a question of taste in some way. ;-)
Best regards,
Denis Gerasimov,
Chief Developer, VEKOS Ltd.
www.vekos.ru
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
