Dimitri Vorontzov Posted January 13, 2013 Share Posted January 13, 2013 I'm back to "Book 1" ("Repetition is the mother of knowledge") - - and I have a question. When I separate recurrent parts of the web application into separate files, to be included in the index.php, is it possible to use file extensions for included files other than .html, or .inc.html, or .php? For example, what if I want to save my header and footer as header.txt and footer.txt, or even header.jpg and footer.jpg. Would the code contained in them still work if I include them with modified extensions? Is this, or something similar, ever done, for example, as a security trick? Would appreciate your help! Link to comment Share on other sites More sharing options...
Larry Posted January 14, 2013 Share Posted January 14, 2013 You can use any file extension you want for included files and it won't impact the usability of them as included files. However, if your included files has PHP in them, then you're making your site LESS secure by not using an extension that ends in .php. If you use .txt, for example, then the raw PHP code would be viewable in a browser. 1 Link to comment Share on other sites More sharing options...
Dimitri Vorontzov Posted January 15, 2013 Author Share Posted January 15, 2013 Brilliant, thank you very much, Larry! Link to comment Share on other sites More sharing options...
Dimitri Vorontzov Posted January 15, 2013 Author Share Posted January 15, 2013 P.S. As a corollary to that - if I want to include a non-php file into another file, and want to prevent its content from being viewable in a browser, perhaps I can save that file with .php extension? Link to comment Share on other sites More sharing options...
Larry Posted January 16, 2013 Share Posted January 16, 2013 You're quite welcome. Personally, I wouldn't mess with file extensions too much, or rely upon them for security measures. File extensions are also supposed to convey meaning, which you lose when you swap them around for security purposes. Also, the use of .php extension to make something unviewable in a browser only applies if there's code within PHP tags. If you put plain text in a .php file and don't use the PHP tags, it'll still show. The best way to prevent something from being viewable in a web browser is to not put it in the Web directory. If that's not possible, the second best option is to use an .htacess file to deny access. 1 Link to comment Share on other sites More sharing options...
Dimitri Vorontzov Posted January 17, 2013 Author Share Posted January 17, 2013 Excellent advice, thank you, Larry! Link to comment Share on other sites More sharing options...
Recommended Posts