Quote:
|
Originally Posted by Bill Posters
That's a fair point, but wouldn't it be equally secure to use a standard .html suffix, but avoid using obvious names such as password. for included files?
|
If you mean your main file is x.php and your include (with PHP code in) is y.html then that would not be a good idea as again if someone called y.html directly the PHP code would not be processed (unless .html was configured as PHP) and the php code would be shown in the html file sent back to the browser. If the include only has html anyway then that is fine, it is only files with PHP code in that you need to be careful with.
Quote:
|
Originally Posted by Bill Posters
I'll look into trapping/surpressing errors as you mentioned.
Is there some way of doing that site-wide or will it need to be done on a page-by-page/function-by-function level?
|
If you control the site config you can set error levels and (I think) default error reporting mechanism that way, but as I tend to use hosted accounts I 'roll my own' using set_error_handling() functions. There is a section about it in PHP manual e.g.
here