I have just begun playing with php includes; and I have a couple of questions that I would like help with:
1) What are the ways to prevent direct access to include files stored centrally in one directory (e.g. includes)?
I'd like to know the different options--just for my own learning. From my reading, I have come across 3 methods:
Method A - Place the includes directory outside web accessible area.
Method B - Leave directory inside web accessible area, and use .htaccess to limit access.
Method C - Combine Method B with per-file blocking. (I am curious to learn how per-file blocking works - code examples, please.)
2) Are there other ways? And which method is most secure and efficient?
3) Can include files that contain no php (just pure html) have a .php extension?
All help will be gratefully received.