Protecting PHP Includes
In order to create a PHP file that is inaccessible from the WWW, please follow these instructions.
1) Create a directory within your public_html directory
2) Password protect the directory
3) Add the files that you do not want to be accessible to the protected directory
As PHP accesses files internally, it ignores password protected directories. However, if anyone tried to directly access those files from an external source, they would be prompted for a username and password.
An alternative method would be to store the file outside of the web root. So, if you have a script located at:
/home/sites/yoursite.com/public_html/thescript.php
You could place your database connection file here:
/home/sites/yoursite.com/dbconnect.php
And in 'thescript.php', you would have this line:
include('/home/sites/yoursite.com/dbconnect.php');
Thus, keeping it away from the web.
I have created an include file that contains a username and password for a database. How do I prevent people from accessing that file directly?
- 34 Users Found This Useful