Otto Wyss wrote: > Jochem Maas wrote: ... >>> ?> >> >> I never include the closing php tag in include files to avoid >> stray empty lines being output - which can cause any headers >> that you try to send after the offending include file is included >> to fail. >> > I'm used to code everything as correct as possible. ;-) it's a feature by design. and I'm merely parroting advice Rasmus himself has offered on this list - if it's good enough for him it's good enough for me :-) > >>> Is this save enough or are there better ways? Where should I store this >>> file so it isn't accessible via the net but inside scripts? >> >> outside the webroot. what people often do is create an include dir >> at the same level as the webroot dir and add this directory to the >> include_path >> ini setting. >> >> e.g. >> > Thanks for the sample. IMO it would be a good idea if the PHP > documentation had a "common or best practice" section, which contains > such samples. I know there are samples in other places yet these samples > tend to be outdated. I looked through some simple authentication samples > at Zend but all were from year 2001, 2002. I'd prefer just one sample > but up to date. phpsec.org is a good place to check out. and the manual user notes are a good place to dump tips you might want to share - you'd be surprised a the the ammount of helpful stuff in there. > > O. Wyss -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
