Hi!
as I wrote in my mail:
1.
I won't name them ".inc" but ".inc.php" (so *I* know, it's an include file)
2.
I don't even want them to be executable!!!
and therefore my question was, if this (on top of every include-file) would
be safe enough:
>> if (substr($SCRIPT_URL,-8)==".inc.php") exit;
$PHP_SELF better than $SCRIPT_URL in line above???
thanks
michi
> Include files do not have to end with '.inc', which is purely a convention
> of dubious value. If you use '.php' as the extension for included files,
> they will have to be parsed by PHP and can't be read as plain text from
> outside.
>
> > Hi!
> >
> > I want my include-files not be seen from outside AND not be executed!!!
> > I don't have access to a directory outside DOCUMENT_ROOT and I don't
> have
> > .htaccess!!!
> >
> > I think about something like:
> > 1.
> > name: <file>.inc.php
> > 2.
> > add code:
> > if ($PHP_SELF==MY_NAME) exit;
> > as first line in the inluded script.
> > so, if the script is being included from another script, the code will
> be
> > executed - but if the file will be called directly, no code is executed!
> > BUT - how do I get the include-file's name?
> >
> > or is it safe enough, to use something like
> > if (substr($SCRIPT_URL,-8)==".inc.php") exit;
--
Sent through GMX FreeMail - http://www.gmx.net
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
