[Resolved] so tell me about .inc files

k994519

hi guys

ive heard alot about .inc files why are they better than including a simple *.php file......

how would one code them files into a normal script.......

Erkilite

an .inc file is just a php file with an .inc extension.

they are used to help differentiate bewteen which files are designed to be accessed by themselves and those which are designed to be included and 'used' by another php file.

the one draw back is that files with the .inc extension will not be parsed by the php processor. so if you have a file with a database password or something in it, it will be visible to someone if they try and access just the .inc file.

most of the time i see files named '.inc.php' to denote an included file but not allow someone to view the php code.

k994519

thanks

laserlight

Actually, a .inc file is normally just a .inc file, i.e. it can be read as a textfile.
Hence, a user viewing such a file would be able to view the source code.

Where database passwords and such are placed into a .inc file, and this .inc file being within the DOCUMENT_ROOT (i.e. still viewable to the Web), it becomes an immediate security risk.

One way to solve this is to name such files "file.inc", and then use a .php extension, as mentioned by Erkilite.
So the filename would appear as "file.inc.php"
Since it is now a .php file, it will be parsed as PHP.

Another way would be to change httpd.conf to include .inc files as files to be parsed by PHP.
If the file does contain sensitive information, and you can access to space outside the DOCUMENT_ROOT, then placing it in such non-web space would be advisable.