On 15 Feb 2002 at 10:50, Michael Kimsal wrote:

> Erik Price wrote:
> > 
> > On Thursday, February 14, 2002, at 04:40  PM, Michael Kimsal wrote:
> > 
> >> On that same topic, *why* do people name files with both .inc and
> >> .php?  Your .inc file has PHP code in it, right?  Why not just call it
> >> .php and spare the server reconfiguration.  If knowing which files are
> >> "include" files (long time since I've made that distinction!) just
> >> prepend them with inc_ or put them all in an includes/ directory.
> > 
> > 
> > If you are including a file into another file with PHP's 'include()' 
> > function, it doesn't matter what the extension is.  You don't even need 
> > an extension.  Apache doesn't even see this as a separate file, it 
> > thinks of it all as one big file with the name of whichever file is 
> > doing the including.
> > 
> > Giving the .inc suffix is a nice way to keep your code organized.  Also, 
> > I keep my .incs in a separate directory.
> > 
> > Not to mention I have a directive in my server's conf file that 
> > specifically prevents it from serving any file with the extension '.inc'.
> > 
> 
> 
> That's great for you that you have that luxury, as do I, but not 
> everyone has access to their server's conf file.
> 
Yeah, you may not be able to access the server's conf file but you can still put your 
include files outside the server's web space and name them whatever you want. 
Put something like this in your scripts if you can't modify the php.ini or access the 
server's conf directory.

    ini_set("include_path", "/path_to_your_include_directory");

Regardless of the extension you use, putting them outside the server's web 
accessible area is the best way to protect them. I just use .php and put them in 
subdirectories to differentiate what site they are for or what their specific purpose 
is.

> 'Organizing' would be better served with the separate directory and/or
> a prepend, because most directory structures are sorted by name by default.
> 
> I replied privately to someone on this already, but I'll post it here as 
> well.
> 
> The majority of people learning PHP do so by examining other code, and a 
> great many do so in shared hosting environments where they can't control 
> the server config files.  Furthermore, because they are new they don't 
> understand the security implications of .inc or other extensions, and
> blindly copy code and run it without knowing they are exposed 
> security-wise.  That's my primary beef with .inc and other non- ".php"
> extensions.
>
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


K E I T H  V A N C E
Web Developer, IT Professional
http://www.vanceconsulting.net
[EMAIL PROTECTED]
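
Added example, not part of the original thread: a small Python audit a site owner could run against their own document root to list files that contain PHP code but would be sent to the browser as plain text, which is the exposure discussed above for .inc and extension-less includes. It assumes only ".php" is mapped to the PHP handler; the directory names, file contents and function names are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: the web server hands only ".php" to the PHP interpreter,
# as on a shared host whose configuration the site owner cannot change.
HANDLED_EXTS = {".php"}
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def find_exposed_includes(docroot, handled_exts=HANDLED_EXTS):
    """Return docroot-relative paths of files holding PHP code that the
    server would deliver as source instead of executing."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in handled_exts:
                continue  # executed by PHP, so the source is never shown
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(65536)  # the open tag sits near the top
            if PHP_OPEN_TAG.search(head):
                rel = os.path.relpath(path, docroot)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_tree():
    """Create a constructed sample site; returns (base, docroot)."""
    base = tempfile.mkdtemp(prefix="inc_audit_")
    docroot = os.path.join(base, "public_html")
    files = {
        "public_html/index.php": "<?php include 'db.inc'; ?>",
        "public_html/db.inc": "<?php $db_pass = 'constructed-secret'; ?>",
        "public_html/includes/inc_header.php": "<?php echo 'hi'; ?>",
        "public_html/includes/footer": "<?php echo 'bye'; ?>",
        "public_html/readme.txt": "no code here",
        # Outside the web space: never reachable by URL, any name is fine.
        "private_includes/config.inc": "<?php $key = 'constructed'; ?>",
    }
    for rel, body in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return base, docroot

if __name__ == "__main__":
    _base, root = build_sample_tree()
    for rel in find_exposed_includes(root):
        print("served as source:", rel)
```

Passing `{".php", ".inc"}` as `handled_exts` models a server that has been reconfigured to parse .inc files; the extension-less include is still reported in that case.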
