After I finished web dev/design at college I posted my portfolio site. Within sub-directories I posted some other sites and basic web applications (PHP/MySQL) that I had done as projects. This was all to demonstrate what I had built in order to get a job.
I bought a domain for the main portfolio site, effectively the parent directory of the others. The files in the directory structure were all HTML, CSS and PHP scripts. Also, at some point I exported the contents of the DB of one of my small applications and chucked it into the directory where that app was sitting. The DB tables contained names of people in my class who I used as ‘example’ data for my app.
Later a former classmate messaged me to tell me that he had found that .sql file by googling his name. So I looked kind of dumb and removed that .sql file. But I previously thought that only HTML, CSS and JS files got indexed or were visible to the public. But know it seems I was wrong, and ALL files in sub-directories of the domain can be indexed and their contents viewed. Is this also the case with csv and PHP files? If so, what is stopping hackers from viewing your PHP files to see how your site is programmed? Can I put ANYTHING in or below the domain directory that is essential to the inner functioning of the site? If I can’t, where do I put things like PHP files then?