Re: More PHP Includes

On Tue, Mar 10, 2009 at 7:59 PM, Gary <gwpaul@xxxxxxx> wrote:

> Thanks again for all the help.
>
> I created a simple page of all includes (header, menu, 3 columns).  I mixed
> the file types up. The menu (projectseven PMM) I saved as a library item,
> works fine.  Had an HTML file in there, but I am guessing that having 2 page
> declarations along with an extra set of <head> and <body> tags was playing
> havoc with the code, so I removed them. Same thing when I created a php page
> and saved it as filename.inc.php, so I removed all the declarations and
> tags, again seems to work fine. Also included a simple .txt file.
>
> I did get some strange results in that all of the <tags> were highlighted
> after the menu, and I had to remove and insert again to correct.
>
> So is this the best way, to create a php page, remove all of the html tags
> and page declarations and name it filename.inc.php? (I'm using DW CS3)


If you think of the whole layout, you know how to place the tags. That is,
there can't be two <html> tags or two <body> tags etc.
So, it should be maintained well, so that tags don't break, the HTML is
valid, and you have working and expected output.

>
>
> Also, something I do not understand, I included a small txt file in a page
> of a customer and it shows fine, however this file is not on the
> server...is this normal?


As mentioned, for security reasons it's not wise to include files without
.php extensions. You should include like myincludefile.inc.php or
sometext.txt.php etc.

As you said you are allowing the txt file from outside the server, it is
another security risk as well. allow_url_fopen lets this open others'
files. But let's say the file is in the hands of a bad guy, and he modifies
it with malicious code to intrude into your server.

Please read about PHP security issues to know about them in detail: CSRF, XSS,
clickjacking, phishing, code injection, SQL injection, etc.
http://shiflett.org/ is a must-read for PHP web security issues; also
http://phpsec.org

>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
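
Added example, not part of the original thread: one way to apply the advice in the reply above, a helper that only includes local *.inc.php fragments from a single directory and refuses URLs, plus a check of the php.ini directives allow_url_fopen and allow_url_include. INCLUDE_DIR, the function names and the sample file names are assumptions.

```php
<?php
// Added example; INCLUDE_DIR and the function names are assumptions.

define('INCLUDE_DIR', __DIR__ . '/includes');

// Return the real path of a local *.inc.php fragment inside INCLUDE_DIR, or throw.
function resolve_fragment($name)
{
    // Refuse URLs and stream wrappers (http://, ftp://, php://, data:, ...).
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $name)) {
        throw new InvalidArgumentException("URL or wrapper refused: $name");
    }
    // Require the .inc.php suffix so that a direct request for the file is
    // executed by a server that handles .php, not returned as source text.
    if (substr($name, -8) !== '.inc.php') {
        throw new InvalidArgumentException("not a .inc.php fragment: $name");
    }
    // realpath() collapses ../ and symlinks and returns false for missing files.
    $base = realpath(INCLUDE_DIR);
    $real = realpath(INCLUDE_DIR . '/' . $name);
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new InvalidArgumentException("outside include directory: $name");
    }
    return $real;
}

// Report whether php.ini still lets file functions or include follow URLs.
function url_access_settings()
{
    return array(
        'allow_url_fopen'   => filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN),
        'allow_url_include' => filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN),
    );
}

// Constructed sample inputs: only the first can resolve, and only if it exists.
foreach (array('header.inc.php', 'http://example.com/note.txt',
               '../config.inc.php', 'menu.txt') as $candidate) {
    try {
        include resolve_fragment($candidate);
    } catch (InvalidArgumentException $e) {
        error_log($e->getMessage());
    }
}
error_log(json_encode(url_access_settings()));
```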
