Hello
I have noticed that many people put their php code in .inc files while others put it in .inc files.
Can someone tell me what are the differences between the two methods and when should I prefer one over the other?
thanks
difference between .inc and .php files
Moderator: General Moderators
-
davidklonski
- Forum Contributor
- Posts: 128
- Joined: Mon Mar 22, 2004 4:55 pm
There's no real difference. People just use .inc to indicate that the file is an included one. I prefere just to stick to .php
Also a default server setup is set not to parse .inc files as php files, so if you have a .inc file in your document root it could be possible to view the code in it and reveal sensitive information. You could always use .inc.php and get the best of both worlds.
Also a default server setup is set not to parse .inc files as php files, so if you have a .inc file in your document root it could be possible to view the code in it and reveal sensitive information. You could always use .inc.php and get the best of both worlds.
On the contrary..markl999 wrote:There's no real difference.
Thats a serious and signifigant difference - .inc by default is NOT parsed, and so can (usually) be viewed directly.markl999 wrote:Also a default server setup is set not to parse .inc files as php files, so if you have a .inc file in your document root it could be possible to view the code in it and reveal sensitive information. You could always use .inc.php and get the best of both worlds.
A novice hearing "there is no difference" might be tempted to put sensitive data there. Bad idea.
Definitely a real difference, and thats how the server handles them - inc is (usually) served plain-text, php is parsed.
If you use .inc files you should make sure your webserver parses them as .php files.
As stated by the previous posts you don't want your database username and password in your .inc file and then have someone be able to read it plain text.
You can test this by putting a .inc file on your server and calling it directly from the web browser. To be safe you can just use .php as was previously stated.
As stated by the previous posts you don't want your database username and password in your .inc file and then have someone be able to read it plain text.
You can test this by putting a .inc file on your server and calling it directly from the web browser. To be safe you can just use .php as was previously stated.