Including remote files with SQL connection info?

jimmygoon

hopefully this:

: isn't possible is it?

That can't be possible? Can it? If so how do you protect against somebody just making SQL queries after including your header files with the connection info right off of your server!?!

bpat1434

Well, nothing is full-proof. There are measures you can take:

1.) Always disable directory listing and hotlinking to your "include" directories
2.) Never save includes with the extension "inc", save the as "inc.php"
3.) Use permissions for your include directory
4.) Use common sense

If you just think about it, the hackers that want to get in will not necessarily get your included files (since they can't tell that an outside inc file is included via PHP). Most hackers attack via SQL injection.

~Brett