On Thu, November 2, 2006 3:01 pm, Alan Milnes wrote:
> Robin Vickery wrote:
>> include("http://www.squareinch.net/include/misc.inc";);
> Don't call files .inc - call them .inc.php if you really must have the
> inc somewhere, that way the Web Server will actually treat it as a php
> file and not display your details to the world if accessed directly.
So...
A Bad Guy can surf to them, and your PHP code gets executed completely
out of context, which you have never ever ever done any QA work on to
see what effect that would have...
Or, you could put your .inc files outside the web tree, and set
http://php.net/include_path correctly, and then the Bad Guy cannot
surf to them at all.
And you can name them .inc or .class or .dingdongthewickedwitchisdead
for all the difference it will make from a technical stand-point.
IMHO, the second option is much better.
YMMV
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
