ohdang888 Posted December 20, 2007 Share Posted December 20, 2007 is it "safer" for my site to put the included files in a place that people can't reach them. i'm not talkign about putting passwords in place to protect them, i'm saying something like this.. <?php include (".../menu.php")?> so that the include is loacted in the same directory as htdocs? Quote Link to comment https://forums.phpfreaks.com/topic/82548-solved-security-with-includes/ Share on other sites More sharing options...
MadTechie Posted December 20, 2007 Share Posted December 20, 2007 php is parsed so providing you don't echo the data you wish to hide theirs no problem.. also if some gain that level of access to read the php file it doesn't matter where their are! Quote Link to comment https://forums.phpfreaks.com/topic/82548-solved-security-with-includes/#findComment-419649 Share on other sites More sharing options...
The Little Guy Posted December 20, 2007 Share Posted December 20, 2007 depending on what is in the include file, you can place it outside the root folder. so, if you want to access menu.php from index.php where index.php is in the root folder, you would do this: <?php include ("../menu.php");?> (exactly what you have, except you have an extra dot which I removed.) That means, that this file can NEVER be accessed by ANYONE, unless they use the file index.php Quote Link to comment https://forums.phpfreaks.com/topic/82548-solved-security-with-includes/#findComment-419705 Share on other sites More sharing options...
corbin Posted December 20, 2007 Share Posted December 20, 2007 I like to do something like this: includefile.php defined('INCLUDE') or exit; //CONTENT HERE Then in another file define('INCLUDE', true); include('includefile.php'); Quote Link to comment https://forums.phpfreaks.com/topic/82548-solved-security-with-includes/#findComment-419709 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.