difference between .php and .inc

pohopo

when you are including files, is there any difference between a .inc file and .php? Right now all my include pages (I have a lot) are .inc files, but I notice some people have .php as include files.

paulnaj

Hi,

Seems that a lot of tutorials and books use .inc in their examples. But, I noticed one day, that if a user can navigate to the file, then some browsers will either display the contents of the file or possibly open a dialog and ask if you want to open the file or save it locally.

This is only a problem if the 'include' files are in a folder below the websites root folder (where the index page is).

If you use .php for the extension, however, then if a user navigates to the file, it will actually run the contents of the file at the server.

Suppose the file contains a list of functions, classes and variable definitions or even private settings. An error could occur, or maybe not. But whatever happens, the contents won't be displayed in the browser and the 'open/save' dialog won't open.

The best solution to all of this is to put all of your 'include' files in a folder above the root or in a password-protected folder elsewhere. Then you can use any extension!!

Paul 🙂

nunomira

hi,

I guess the trick with the .inc extension is that the webserver has to be configured to handle .inc files the way you want, and not to show their content or prompt to download them.

If you ever look at phpMyAdmin, they use .inc.php.
The .inc is just to distinguish from other files(just for the developer's convinience).
But, for security reasons the .php is added (.inc.php), so that it's more secure with every configuration (as you may not have control over the server's configuration).

As another security measure use a folder outside the root of the server, just like paulnaj suggested. This, just in case you need security!
You may be just using function definitions, or a header or footer... which don't need security at all.

pohopo

very interesting. thanks for the info. i was using *.inc, but i will change them to inc.php though i do not think i can move it outside as i do not own the server (hosting with someone).

and i just tried to view the *.inc file and it did show all the php code. scarey!