Re: PHP includes structure
by Kevin Waterson <kevin(at)oceania.net>
|
Date: |
Mon, 30 Dec 2002 04:06:49 +1100 |
To: |
Frances Wicks <ladywight(at)yahoo.com> |
Cc: |
hwg-techniques(at)hwg.org |
References: |
localhost yahoo |
|
todo: View
Thread,
Original
|
|
This one time, at band camp,
Frances Wicks <ladywight(at)yahoo.com> wrote:
> My question is simply if this is so easy, am I missing
> something? I haven't seen this setup discussed
> before. Is this setup stable for even very large
> sites or are there some issues with this structure for
> search engines, etc? I'm aware of the caution to
> ensure that the includes end with .php to ensure they
> are parsed.
This is quite a common method with PHP. It is a basic form
of templating. I am currently writing
a template engine which does much the same. The use of passing
variables through the url is fine.
The naming of included files is not really and issue of parsing
as the parser drops out of php mode and into html mode. You
could simply name the file include.inc and it would be parsed
and any php code would need to specified as <?php ?>.
But naming a file .inc leaves it open to viewing via the url.
http://www.example.com/includes/file.inc
Not a good thing if your included file contains sensitive info
like passwords for db connectivity. when the file is named .php
and you try to access it via the url it will display a blank.
A good way to stop this sort of thing is to have your include
files out of the web tree completely.
include("/path/to/file")
Kind regards
Kevin
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
Kevin Waterson
Port Macquarie, Australia
HWG hwg-techniques mailing list archives,
maintained by Webmasters @ IWA