General Question

[Gmunky]

Is there a difference between naming a file that is to be included in a script with a .php or .inc extension?

For intance, if I want to include a script with my database connection info, does it matter if I use

include ("db.php"); or include ("db.inc"); ? is one more secure than the other? Thanks for the info!

 

[pocobueno1388]

If you connecting to the database using PHP, then I would assume it would require the .php extension. I'm not 100% sure though.

[Wireless102]

yes, a inc file will let anyone read it. a php file will not display the information

[Wireless102]

and its best to store those types of files outside of the public directory

 

[Dragen]

If you connecting to the database using PHP, then I would assume it would require the .php extension. I'm not 100% sure though.

I'm sure that you could include an .inc file inside a .php file. I know you can include other filetypes, such as .txt, so I see no reason why you shouldn't be able to include .inc.

 

I don't know about .inc files though, so I can't comment on security issues..

[trq]

I don't know about .inc files though, so I can't comment on security issues..

 

The security issue is that if someone accesses an *.inc file directly, it will be shown as plain text. So... if it contains valuable data (database usernames / passwords) your foobared.

[Yesideez]

I label all my PHP includes as "inc_*.php"

 

That way I can see which files are includes and they all show in the same place in Windows