Page extensions....

[gabe8496]

I've been looking over some code and notice many use the following format (when doing and include)

 

pagename.inc.php

 

What effect does .inc have on a page that is included versus including a page without it? What am I missing? I did some search on web page extensions via google and couldn't find anything describing this.

 

Any info would be greatly appreciated.

 

Thanks,

 

Gabe

[rarebit]

Nothing from what i'm aware, it'll just be a practice to indicate to others that the page is never called directly...

[gabe8496]

is there ways to restrict direct access to them?

[rarebit]

Set file permissions, use '.htaccess' or use 'mod_rewrite' from with '.htaccess', put em in a folder and set folder permissions, etc...

[GingerRobot]

Indeed. The only reason why people end with the extension .inc.php is to show that the file is one that will be included by others. Some people simply end with the extension .inc. However this is bad practice and a security issue, because it may lead people to be able to see the php code in plain text.

 

As for resticting access, it may not be necessary. As long as the final extension is .php, then the page will be parsed by the php processor, so no-one would be able to see your code. If access is still an issue, then as has been suggested, you can restrict with permissions or .htaccess. Another alternative is to place the files outside of the web root folder.