Quote:
|
When using includes remember to always use .php as extension or it may render when called directly (e.g. if you called an include file password.inc or less likely password.txt) depending on how that extension is handled by your server.
|
That's a fair point, but wouldn't it be equally secure to use a standard
.html suffix, but avoid using obvious names such as
password. for included files?
I actually do use
.php for all site files now as most already contain php instructions and the few that don't simply look neater to me when viewing the directories.
(There's not so many that the additional redundant hits to the php parser hurt the performance)
The reason I ask is to increase my understanding of the php malarky.
I'll look into trapping/surpressing errors as you mentioned.
Is there some way of doing that site-wide or will it need to be done on a page-by-page/function-by-function level?