2

I have a site that uses a number of includes (for footer, email processing, etc.). I am also using AJAX, which calls a particular URL to load the data. I am a little confused as to where these files should be located on the server. I assume that, for security reasons, it is a bad idea to have the files or paths visible to the public. However, when I place the files outside of my public_html folder, merely using "./filename" doesn't work.

UPDATE: Unless I provide the full path name, the include does not work. I receive an error when I use the following path include:

<?php include('../includes/footer.php');?>

The footer file is located in the following path: home/user/php/includes/footer.php.

My site is located at: home/user/public_html/site.com/files

UPDATE 2: I added a new include_path: "/home/user/php". I changed the include to "includes/footer.php". It is now working properly.

However, if anyone else has any thoughts on my original question I'd appreciate it.

Ken
  • 3,091
  • 12
  • 42
  • 69

3 Answers3

1

If your site is at something/public_html you could use the folder something/include/footer.php

include '../include/footer.php'

for includes, as to where you put your ajax files I don't think it matters all that much, people can view the javascript to find the address in any case

Andreas
  • 128
  • 1
  • 12
  • Thank you, but I must be doing something wrong. When I use the entire path, the include works fine. But when I use the method you suggested, I get an error. File is located at user/includes/footer.php – Ken May 21 '11 at 18:46
  • @Ken for your example use "include '../../php/includes/footer.php';" as you have to go back two folders to reach user and then enter php/includes/ – Andreas May 21 '11 at 22:29
1

It looks like you may have it outside your document root.

If your website has to be in /home/user/public_html (or similar) try putting your includes folder in /home/user/public_html/includes and just refer to /includes

Yes, there is an argument for not having files in public accessible areas, but if you have coded your PHP files well it shouldn't be a problem.

People can't see the source and with simple error trapping e.g. is the user logged in, or does the form submit field have a value, you can boot them back to an error page or wherever you like.

Steve
  • 1,371
  • 1
  • 16
  • 38
0

PHP files if requested will first be processed by PHP. So the user can never get the actual php file. Just it's output.

George Kastrinis
  • 4,924
  • 4
  • 29
  • 46