Steve Yates wrote:

>"Justin French" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>
>>1. Name all included files .inc
>
>If you name them *.php then put anything in them inside a function, then
>when the user browses to that file he/she won't see anything at all.
>
I think this is a very poor tactic, because it "covers up" the problem 
rather than doing anything about it. You still allow people to access 
your modules directly, and worse, you allow them to execute these 
modules out of context. By restricting your modules to only allow 
function declarations, you also make things more difficult on yourself 
without any real benefit.

It's much better to properly name your included files *.inc as suggested 
by Mr. French and either:
1. don't put them under document root (my preference)
or:
2. configure your Web server to not allow access to .inc files

Chris




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
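
An added example, not part of the original message or of any project's code: a small audit for the two options listed above. It reports `.inc` files that sit under the document root and are not covered by a deny rule. The function names, the constructed directory layout and the simplified `<FilesMatch>` parsing are assumptions for illustration; `.htaccess` overrides and other Apache directives are not modelled.

```python
import os
import re
import tempfile

INCLUDE_EXTS = (".inc",)  # extension the thread recommends for included files

def deny_patterns(apache_conf: str):
    """Collect regexes from <FilesMatch "..."> blocks that contain a deny rule.

    Simplified on purpose: handles only FilesMatch blocks holding
    'Require all denied' (Apache 2.4) or 'Deny from all' (older syntax).
    """
    block = re.compile(r'<FilesMatch\s+"([^"]+)">(.*?)</FilesMatch>', re.S | re.I)
    deny = re.compile(r'^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$', re.I | re.M)
    return [re.compile(m.group(1)) for m in block.finditer(apache_conf)
            if deny.search(m.group(2))]

def exposed_includes(docroot: str, apache_conf: str = ""):
    """Return include files under docroot that no deny rule covers."""
    rules = deny_patterns(apache_conf)
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            # FilesMatch is applied to the file name, not the full path
            if name.endswith(INCLUDE_EXTS) and not any(r.search(name) for r in rules):
                exposed.append(os.path.relpath(os.path.join(dirpath, name), docroot))
    return sorted(exposed)

def demo():
    """Constructed layout: one include inside docroot, one outside it."""
    with tempfile.TemporaryDirectory() as site:
        docroot = os.path.join(site, "htdocs")
        os.makedirs(os.path.join(docroot, "lib"))
        os.makedirs(os.path.join(site, "includes"))
        for path in (os.path.join(docroot, "index.php"),
                     os.path.join(docroot, "lib", "db.inc"),       # reachable by URL
                     os.path.join(site, "includes", "auth.inc")):  # option 1: outside docroot
            open(path, "w").close()
        conf = '<FilesMatch "\\.inc$">\n    Require all denied\n</FilesMatch>\n'
        return exposed_includes(docroot), exposed_includes(docroot, conf)

if __name__ == "__main__":
    before, after = demo()
    print("no deny rule:  ", before)
    print("with deny rule:", after)
```

The include kept outside the document root never appears in either result, which is why option 1 needs no server configuration at all.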
