I've noticed that many scripts give output like "you can't access this file directly" when an include file is called directly in a url. Wouldn't it be better just to use the PHP header function to give a 404 not found header? So the potential intruder doesn't even get any initial recognition that there is a file at that location? Also with directories that aren't to be used directly - sometimes they contain a blank index.html file for cases where Apache is configured so it shows directories if there's no default or index file. Wouldn't it be better here just to have an index.php that does a 404 header so the cat isn't out of the bag that there's a directory there?
Also: from search engine optimization POV, it's a whole lot better if you, say, had an old ?articleid=124 that gets indexed by Google, which you later delete, and when Google looks for it again, gets a 404, instead of a page with header etc. that says "could not fetch article" (this same page will appear for each deletion, and your site will be punished for duplicate content). Is there a reason so many scripts output the headers, format the top part of the site, etc., and only then check to see if the article or content can be found in the database? Instead of first checking, and then sending the right headers, either standard, or else 404 if the page (in a virtual sense) isn't there?
