Apache web server tutorial - PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY Choosing

Choosing the right filename extension for includes

Both of the include files you created in the preceding section have what may seem rather unusual filenames with two extensions, .inc and .php, strung together. The truth is that it doesn't matter what you use as a filename extension; PHP simply includes the content of the file and treats it as part of the main page.

A common convention is to use .inc for all include files. However, this potentially exposes you to a major security risk because most servers treat .inc files as plain text. Let's say an include file contains the username and password to your database, and you store the file with an .inc filename extension within your website's root folder. Anyone who discovers the name of the file can simply type the URL in a browser address bar, and the browser will obligingly display all your secret details!

On the other hand, any file with a .php extension is automatically sent to the PHP engine for parsing before it's sent to the browser. So, as long as your secret information is inside a PHP code block and in a file with a .php extension, it won't be exposed. That's why it's now widely recommended to use .inc.php as a double extension for PHP includes. The .inc part reminds you that it's an include file, but servers are only interested in the .php on the end, which ensures that all PHP code is correctly parsed.

PHP Solution 4-2: Testing the security of includes

Use index.php and menu.inc.php from the previous section. Alternatively, use index02.php and menu.inc01.php from the download files for this chapter. If you use the download files, remove the 02 and 01 from the filenames before using them.

1. Rename menu.inc.php as menu.inc and change the code in index.php so that the include command refers to menu.inc instead of menu.inc.php, like this:

   Even if you normally use absolute pathnames in your websites (ones that begin with a forward slash), use a relative pathname on this occasion. PHP include commands don't normally work with absolute pathnames. I'll show you how to get around this restriction later in the chapter.

2. Load index.php into a browser. You should see no difference.

3. Amend the code inside menu.inc to store a password inside a PHP variable like this:

4. Click the Reload button in your browser. As Figure 4-3 shows, the navigation menu still displays correctly. What's more, if you view the page's source code in the
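
As an added example (not code from the book), the following PHP script audits a site folder for the exposure described under "Choosing the right filename extension for includes": files that contain PHP code but whose final extension the server would not send to the PHP engine. The function name findExposedIncludes, the sample filenames and the assumption that only .php is parsed are illustrative, and the script assumes PHP 7 or later.

```php
<?php
// Added example: find include files a server would hand out as plain text.
// Assumption: only files whose FINAL extension is listed in $parsed reach the PHP engine.

/** Return paths under $root that contain PHP code but lack a parsed extension. */
function findExposedIncludes(string $root, array $parsed = ['php']): array
{
    $exposed = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile()) {
            continue;
        }
        // Only the last extension counts: menu.inc.php is parsed, menu.inc is not.
        if (in_array(strtolower($file->getExtension()), $parsed, true)) {
            continue;
        }
        // Read the first 64 KiB; a PHP open tag here means the source would be displayed.
        $head = file_get_contents($file->getPathname(), false, null, 0, 65536);
        if ($head !== false && preg_match('/<\?(php|=)/i', $head)) {
            $exposed[] = $file->getPathname();
        }
    }
    sort($exposed);
    return $exposed;
}

// Constructed sample site in a temporary folder (not the book's download files).
$root = sys_get_temp_dir() . '/inc_audit_' . uniqid();
mkdir($root . '/includes', 0700, true);
file_put_contents($root . '/index.php', "<?php include('includes/menu.inc'); ?>\n");
file_put_contents($root . '/includes/menu.inc', "<?php \$password = 'constructed-sample'; ?>\n");
file_put_contents($root . '/includes/footer.inc.php', "<?php \$year = date('Y'); ?>\n");
file_put_contents($root . '/includes/notes.txt', "plain text, no PHP\n");

// Report each flagged file relative to the site folder.
foreach (findExposedIncludes($root) as $path) {
    echo 'served as plain text: ', substr($path, strlen($root) + 1), PHP_EOL;
}

// Remove the constructed sample files.
array_map('unlink', glob($root . '/includes/*'));
unlink($root . '/index.php');
rmdir($root . '/includes');
rmdir($root);
```

Which extensions are actually parsed depends on the server's configuration, so adjust the second argument to match your own setup before relying on the result.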