Page 1 of 1

Secure Inclusion Of PHP Code

Posted: Mon Aug 20, 2007 9:58 am
by kkonline
Hi there,
I am currently working with a php file. The php tags <? are open

and in between there is a piece of php which i want to include in the main file. suppose

Code: Select all

$query = "INSERT INTO upload (name, size, type, content ) ".
		         "VALUES ('$fileName', '$fileSize', '$fileType', '$content')";
is the code which is to be included. As I would need to change that query again so that's why i want to include it separate.

Now my question is with what extension should I save the file having $query = "INSERT INTO upload (name, size, type, content ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$content')";
so that i can include it in the main file.

Is it ok to include file with <?php some data ?> into another file where the php tags are open?
If not then with what extension should i store the data mentioned above so user cannot see it. wen he types into the browser.?

The main concern is that if the user writes the name of the file which has data to be included then it should not be able to read it.

Posted: Mon Aug 20, 2007 10:01 am
by feyd
Have you read the include() documentation?