If the include file has an extension that is not recognized by the server as
being a "PHP" file, the server will simply serve it up as text. So, your
file index.php is recognized as being a PHP file, it gets passed to PHP
which parses and compiles it and returns it to the server, which passes the
output back to the browser. No one can see the source for this file. OTOH,
say you have a file named database.password. The server does not recognize
this as a PHP file, and so simply dumps the contents to the browser as text.
The user sees the raw contents of the file.
Check with your provider to see if they won't setup an .htaccess file for
you. With that file, you can instruct the server not to display any files
with sertain extensions that you specify. Or, as also suggested, put files
with non-PHP extensions outside the document root directory.
Kirk
> What do you mean when you say "people typing the url in their
> browser to get
> the code?" I use MSIE and to get any of my web pages to show up on the
> Internet, I always have to type a url into my browser but I
> never see any
> code.
>
> Let's say I have some include file somewhere. Do you mean
> that if someone
> knew the name of the include file, they could type that path
> and file name
> and the code would display?
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
