Re: [PHP] Bad Practices

[Yasuo Ohgaki]

> "Jeff Oien" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Would people like to list bad practices and also point us > > newbies to any articles online dealing with syntax, correct > > use of single and double quotes etc.? > > People who create scripts that include a need for access to a SQL database, > meaning you need to give it a username and password then making the damn > configuration file be called something stupid like config.inc. I think putting PHP configuration files under web document directory is not recommended.For most PHP files, that user never have to see, are better to place outside of web docuemnt directory. However, I prefer to separate PHP code and HTML as much as possible. So I put some files that has non-standard extentions under web document direcutory. You can setup Apache to deny any request for *.inc file, or whatever extention, just like .htaccess. If you want to put *.inc, or whatever, I strongly recommend to deny all the request to those files. > When you are scripting, using anything with a .inc extension is just asking > for trouble. If someone requests that file, it'll get passed straight to > them. It's a .inc, which means that PHP does not know to parse it. Which > means, that person can see your usernames and passwords. And because it's a > public package, they're far more likely to know the path to said file. -- Yasuo Ohgaki -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]