Includes

[adh32]

I just read a comment in another thread which stated that server-side includes should be stored in a directory that is outside of the public part of the directory structure. I didn't want to jump in on someone else's thread and a search found nothing, so I have a few questions about that.

What benefits does it bring? Surely what amounts to HTML snippets are not of any interest or at any risk?

If it is worthwhile, how would I do it? How do I work out if the directory structure is suitable and whether the host will allow it? How do I write the includes to access such a directory?

[Mittineague]

I think it was mentioned in the other thread, but it doesn''t mean every file you "include" eg. header.tpl.php and footer.tpl.php should be OK wherever.

But if the PHP pasrser crashes and a .php file is requested, it will be served as plain text.

So things like passwords.php, databaseloginfo.php etc. are best kept outside of the public root.

You can also put media or other files outside the root and have a public file fetch them when and if certain text conditions are met.