I have just begun playing with php includes; and I have a couple of questions that I would like help with:
- What are the ways to prevent direct access to include files stored centrally in one directory (e.g. includes)?
I’d like to know the different options–just for my own learning. From my reading, I have come across 3 methods:
Method A - Place the includes directory outside web accessible area.
Method B - Leave directory inside web accessible area, and use .htaccess to limit access.
Method C - Combine Method B with per-file blocking. (I am curious to learn how per-file blocking works - code examples, please.)
Are there other ways? And which method is most secure and efficient?
Can include files that contain no php (just pure html) have a .php extension?
All help will be gratefully received.