Apart from unfortunately placed ?> 's or " 's this is possible.
A very common mistake is not to register all of your php file extensions with apache. I've seen a number of sites for example that didn't have the .inc extension registered, include() doesn't care about that, but if your includes are under the document root of your website (that happens a lot too, i don't know why ?) and you specify the exact name of the include in your browser (or worse, the directory is browsable from the web), the webserver will default to text/plain content and display the source. Bad thing since includes usually contain passwords and stuff. bvr. On Wed, 16 Jan 2002 13:19:20 -0800, Richard Baskett wrote: >PHP is a server side language so the PHP engine parses all the php code in >your webpage and then spits out html code. So when surfing through a >website that uses PHP you will never see PHP code unless of course you >screwed up and echoed the data :) > >Rick > >"How wonderful it is that nobody need wait a single moment to improve the >world." - Anne Frank > >> From: "Phil Schwarzmann" <[EMAIL PROTECTED]> >> Date: Wed, 16 Jan 2002 16:03:45 -0500 >> To: <[EMAIL PROTECTED]> >> Subject: [PHP] PHP Security - "view source code" >> >> How easy/hard is it to view the PHP source code when you're at website? >> >> I noticed when I was using Internet Explorer, if I pressed "view >> source"...it would show the HTML but not the PHP. >> >> -Phil >> > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
