Page 1 of 1

what does including *.inc.php do?? secure???

Posted: Tue Jun 06, 2006 7:16 pm
by danselstudios
i've seen various tutorials that name their files with the extension 'inc' as follows:

config.inc.php

now, since the information in this file is the mysql database username and password (in order to connect) info, then i'm guessing its for security, or anti-theft.

why is this? what's the difference between config.inc.php and config.php???

also, what is the best way to secure my database information?
is there a way to open my php file and getting my hostname, username and pass??

thanks ahead of time.

Posted: Tue Jun 06, 2006 7:40 pm
by Christopher
First of all, the security measure is to make sure you name all of your PHP files with a ".php" extension (or whatever extension(s) are configured to parse PHP). The reason is that you do not want people to be able to view your source code by browsing your site.

Naming files with a ".inc.php" ending is just a convention that some programmers use. It is an older style of naming that was usually used for files that were library or support files -- rather than page scripts. I personally don't find the use of naming conventions like that too useful and prefer to put files in appropriatly named directories instead.

Posted: Tue Jun 06, 2006 9:37 pm
by AKA Panama Jack
Well, most people use that naming convention to designate that the file is an include file that is only included by another program and not used as a stand alone program.

It makes it so much easier to look at the filename to know that it is an include file irrespective of the directory it may be located. Some people just have an include directory and stuff everything in there that is used as an include file. Even then sticking .inc before the .php is useful for when you move files around during testing or modification.

Posted: Tue Jun 06, 2006 10:14 pm
by alex.barylski
arborint wrote:First of all, the security measure is to make sure you name all of your PHP files with a ".php" extension (or whatever extension(s) are configured to parse PHP). The reason is that you do not want people to be able to view your source code by browsing your site.

Naming files with a ".inc.php" ending is just a convention that some programmers use. It is an older style of naming that was usually used for files that were library or support files -- rather than page scripts. I personally don't find the use of naming conventions like that too useful and prefer to put files in appropriatly named directories instead.
While I agree the use of directories is solid...the use of naming files is also useful...

For instance, my editor (UltraEdit) allows multiple files to be opened at one time...

So I could have (lang.mainview.php, script.mainview.php, core.mainview.php, html.mainview.php, etc) all inside a single editor instance...and without confusion I can quickly tab the file I need to edit.

If I need the language file for that module I'm working on...I know it's inside lang.mainview.php...

If I named all the files mainview.php (and stored them in directories only) I would have to sequentially or randomly select the tabs until I found the language resource file in question...or mouse over each until the tooltip indicated which directory (lang, html, etc) the file resided in...

I can say from experience...that my method works muchy faster then waiting for the tooltip...that sometimes never shows :P at least on my windows systems :)

Cheers :)

Posted: Wed Jun 07, 2006 12:50 am
by Christopher
I probably expressed it badly, but my point was that using the ".php" for scripts is a security measure to not expose source code, because the web server calls the PHP module for files with that extension. Whereas naming like ".inc.php" are, testamonials aside, a matter of programmer taste. Not saying they are good or bad, just personal preference.

I also realized that in reading the responses that I probably don't use those types of naming because I use a Front Controller where everything is an include file. Not sure about the editor comment, but I don't use UltraEdit so I haven't noticed that as an issue.

Posted: Wed Jun 07, 2006 1:57 am
by danselstudios
well all your information is just perfect. i can now just get customed to my own preference, but the important thing here is i understand everything.

thanks to all!

PHP rules!