Dimitri Vorontzov 0 Posted January 13, 2013 Report Share Posted January 13, 2013 I'm back to "Book 1" ("Repetition is the mother of knowledge") - - and I have a question. When I separate recurrent parts of the web application into separate files, to be included in the index.php, is it possible to use file extensions for included files other than .html, or .inc.html, or .php? For example, what if I want to save my header and footer as header.txt and footer.txt, or even header.jpg and footer.jpg. Would the code contained in them still work if I include them with modified extensions? Is this, or something similar, ever done, for example, as a security trick? Would appreciate your help! Quote Link to post Share on other sites
Larry 433 Posted January 14, 2013 Report Share Posted January 14, 2013 You can use any file extension you want for included files and it won't impact the usability of them as included files. However, if your included files has PHP in them, then you're making your site LESS secure by not using an extension that ends in .php. If you use .txt, for example, then the raw PHP code would be viewable in a browser. 1 Quote Link to post Share on other sites
Dimitri Vorontzov 0 Posted January 15, 2013 Author Report Share Posted January 15, 2013 Brilliant, thank you very much, Larry! Quote Link to post Share on other sites
Dimitri Vorontzov 0 Posted January 15, 2013 Author Report Share Posted January 15, 2013 P.S. As a corollary to that - if I want to include a non-php file into another file, and want to prevent its content from being viewable in a browser, perhaps I can save that file with .php extension? Quote Link to post Share on other sites
Larry 433 Posted January 16, 2013 Report Share Posted January 16, 2013 You're quite welcome. Personally, I wouldn't mess with file extensions too much, or rely upon them for security measures. File extensions are also supposed to convey meaning, which you lose when you swap them around for security purposes. Also, the use of .php extension to make something unviewable in a browser only applies if there's code within PHP tags. If you put plain text in a .php file and don't use the PHP tags, it'll still show. The best way to prevent something from being viewable in a web browser is to not put it in the Web directory. If that's not possible, the second best option is to use an .htacess file to deny access. 1 Quote Link to post Share on other sites
Dimitri Vorontzov 0 Posted January 17, 2013 Author Report Share Posted January 17, 2013 Excellent advice, thank you, Larry! Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.