Extensions Of The Included Files

[Dimitri Vorontzov 0]

I'm back to "Book 1" ("Repetition is the mother of knowledge") -

 

- and I have a question.

 

When I separate recurrent parts of the web application into separate files, to be included in the index.php, is it possible to use file extensions for included files other than .html, or .inc.html, or .php?

 

For example, what if I want to save my header and footer as header.txt and footer.txt, or even header.jpg and footer.jpg. Would the code contained in them still work if I include them with modified extensions?

 

Is this, or something similar, ever done, for example, as a security trick?

 

Would appreciate your help!

[Larry 428]

You can use any file extension you want for included files and it won't impact the usability of them as included files. However, if your included files has PHP in them, then you're making your site LESS secure by not using an extension that ends in .php. If you use .txt, for example, then the raw PHP code would be viewable in a browser.

[Dimitri Vorontzov 0]

Brilliant, thank you very much, Larry!

[Dimitri Vorontzov 0]

P.S. As a corollary to that - if I want to include a non-php file into another file, and want to prevent its content from being viewable in a browser, perhaps I can save that file with .php extension?

[Larry 428]

You're quite welcome. Personally, I wouldn't mess with file extensions too much, or rely upon them for security measures. File extensions are also supposed to convey meaning, which you lose when you swap them around for security purposes. Also, the use of .php extension to make something unviewable in a browser only applies if there's code within PHP tags. If you put plain text in a .php file and don't use the PHP tags, it'll still show. The best way to prevent something from being viewable in a web browser is to not put it in the Web directory. If that's not possible, the second best option is to use an .htacess file to deny access.

[Dimitri Vorontzov 0]

Excellent advice, thank you, Larry!