www directory or below that.

Peter Bubresko

New member
Quote from a book:
Instead of repeating this code at the top of every file, we can move it to an
include file. Include files are just like normal PHP files, but typically they
contain snippets of code that are only useful within the context of a larger
scripts. As such, as with templates, we don't want people to be able to navigate
directly to these files by typing the filename into their browser, as they only
Structured PHP Programming 224
contain small snippets that won't produce any meaningful output on their
own.
We'll solve this problem the same way we did with templates: by creating a
directory outside the public directory, so that any files are placed in this new one
directory can only be accessed by other PHP scripts. We'll call this directory
includes , and use it to store our code snippets.
Inside the new includes directory, create a file called
DatabaseConnection.php and place the database connection code inside it:
Quote end.

Does this mean that you create an area outside the www directory on the server, or is the new "includes" directory placed in the root of www directory?
 
Files in the public directory (/public_html) can be accessed directly through a web browser
Files outside the public directory can only be included by PHP scripts, but cannot be accessed directly by users typing URLs

This is a security best practice because it prevents sensitive configuration files (like database credentials) from being potentially exposed to web visitors, even if they try to guess the file URL.

If you were to place the includes directory inside the public web directory, there would be a risk that someone could potentially access sensitive code or configuration details by navigating directly to those files through their browser.
 
Ok, I see. So the right path to the includes directory will be/../includes/file.php if the includes directory is outside/below the www directory.

Thank you "staff member" :)
 
Back
Top