> "Other users on the same server *shouldn't* be able to include() in this way"
>
> How?
>
> Would their $_SERVER['HTTP_HOST'] not be the same?


You did not specify your circumstances in your original posting, so there is
some confusion.

One web server can handle many domains.  An ISP offering shared hosting will
run their server this way, because it is cheap.

So, there are at least two cases:

(1) Several webmasters running the same domain.  They should be part of a
disciplined team, so this should not be a problem.

(2) Several domains, each run by one webmaster (or one team), possibly each
in a different organisation.  If you run the domain
www.somedomainorother.com, that will be in the HTTP_HOST entry.  If somebody
running another domain calls the function that opens your database, the
HTTP_HOST setting will be different.  The suggestion is to write your open
function to check for this.

Simon Ritchie

Download my introduction to PHP for $25:
http://merrowinternet.com/downloads?source=ml


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
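
The check suggested in case (2) above, written out as an added example that is not part of the original message or the poster's own code. The function names, the allowlist constant and the sample requests are hypothetical; the domain is the one used in the message.

```php
<?php
// Added illustration; names below are hypothetical, not from the original post.
const EXPECTED_HOSTS = ['www.somedomainorother.com'];

// Reduce a raw Host value to a comparable hostname, or null if it is unusable.
function normalise_host(?string $raw): ?string
{
    if ($raw === null || $raw === '') {
        return null;                                 // CLI run or header missing: fail closed
    }
    $host = strtolower(trim($raw));
    $host = preg_replace('/:\d+$/', '', $host);      // drop an optional :port
    $host = rtrim($host, '.');                       // drop a trailing root dot
    if (!preg_match('/^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?$/', $host)) {
        return null;                                 // not a plain hostname
    }
    return $host;
}

function host_is_expected(array $server, array $allowed = EXPECTED_HOSTS): bool
{
    $host = normalise_host($server['HTTP_HOST'] ?? null);
    return $host !== null && in_array($host, $allowed, true);
}

// The "open function": refuses to connect unless the request is for our own domain.
// $connect stands in for whatever really opens the database.
function open_database(array $server, callable $connect)
{
    if (!host_is_expected($server)) {
        error_log('open_database refused: unexpected HTTP_HOST');
        return null;
    }
    return $connect();
}

// Constructed sample requests (not real traffic).
$samples = [
    ['HTTP_HOST' => 'www.somedomainorother.com'],
    ['HTTP_HOST' => 'WWW.SomeDomainOrOther.com:8080'],
    ['HTTP_HOST' => 'www.another-site.example'],
    [],
];
foreach ($samples as $server) {
    $db = open_database($server, function () { return 'handle'; });
    printf("%-34s %s\n", $server['HTTP_HOST'] ?? '(none)', $db === null ? 'refused' : 'opened');
}
```

The Host value comes from the request and sits in an ordinary PHP array, so this check only catches accidental inclusion from another site; separation between hosting accounts has to come from file permissions and per-account PHP settings.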
