LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 03-04-2008, 08:35 AM   #16
dguitar
Member
 
Registered: Jun 2005
Location: Portland, ME
Distribution: Slackware 13, CentOS 5.3, FBSD 7.2, OBSD 4.6, Fedora 11
Posts: 122

Rep: Reputation: 17

Quote:
Originally Posted by graemef View Post
it could be viewed as plain text this is a security risk in the world of open source that is less of an issue since the scripts can be read anyway, and are made available in a far more convenient format.
This can be true and it's great if everyone made their source code widely available. However, not all of us work in an 'open' environment. I just want to point out that '.inc' can be viewed as plain text so if work for one of those big scary corporations, where you don't own the code you write (they do), it might be a good idea not to use '.inc'.

I remember a few years ago a company got utterly hacked because they had their db connection in /includes/connection.inc <--- bad idea

root p/w was in the file... was bad.


Quote:
Originally Posted by osor View Post
I think this depends on how the server is configured.
Can anyone confirm? I've never seen anything to change that behavior - although I've never actually looked.

Last edited by dguitar; 03-04-2008 at 08:37 AM. Reason: typo
 
Old 03-04-2008, 08:39 AM   #17
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114Reputation: 114
Quote:
The reason for this is that the include file will not include any php functions or classes, instead it is just php code or even just html code. In my opinion that is poor practice and it is certainly falling out of vogue (particularly since php has strengthened its support for O-O programming). Include files should really only contain functions or classes, include them once and then call the function or method.
Too restrictive. Includes are a great place to put site-specific variables and those globals that can't be avoided as well. I routinely put things like mysql username/password, url name (both with and without the www prefix), webmaster email address, absolute path, https: url name, and other site-specific things in an include called config.php. Then, throughout my code, when these things come up I refer to the variable name.

This greatly enhances portability and maintainability; any change appears instantly site-wide.

I *could* put these things into a class then invoke the class, but given the overhead associated with setting up then reading a class in an interpreted environment, I never do so.
 
Old 03-04-2008, 08:46 AM   #18
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114Reputation: 114
Quote:
I remember a few years ago a company got utterly hacked because they had their db connection in /includes/connection.inc <--- bad idea
This information should be stored in a directory that is above the root of the website so that no web browser can access it. It can still be included in a script by referring to it by absolute path.
 
Old 03-04-2008, 09:02 AM   #19
nc3b
Member
 
Registered: Aug 2005
Posts: 330

Rep: Reputation: 32
Quote:
Can anyone confirm? I've never seen anything to change that behavior - although I've never actually looked.
Yea, I can confirm.
What do you suppose this does?
Code:
AddType application/x-httpd-php .php
 
Old 03-05-2008, 03:40 AM   #20
graemef
Senior Member
 
Registered: Nov 2005
Location: Hanoi
Distribution: Fedora 13, Ubuntu 10.04
Posts: 2,376

Rep: Reputation: 147Reputation: 147
Quote:
Originally Posted by jiml8 View Post
Too restrictive. Includes are a great place to put site-specific variables and those globals that can't be avoided as well. I routinely put things like mysql username/password, url name (both with and without the www prefix), webmaster email address, absolute path, https: url name, and other site-specific things in an include called config.php. Then, throughout my code, when these things come up I refer to the variable name.

This greatly enhances portability and maintainability; any change appears instantly site-wide.

I *could* put these things into a class then invoke the class, but given the overhead associated with setting up then reading a class in an interpreted environment, I never do so.
I agree with you that there are exceptions to what I said, but I believe that these should be exceptions and not the rule. Making the code clear and easy to read should be the goal and adding some structure to the code helps with that. For example your header.php and footer.php are clear examples of where this works.

Finally, the overhead of the interpreter can be reduced via pre-compiling and caching.
 
Old 03-05-2008, 08:11 AM   #21
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114Reputation: 114
How do you precompile PHP?
 
Old 03-05-2008, 04:05 PM   #22
graemef
Senior Member
 
Registered: Nov 2005
Location: Hanoi
Distribution: Fedora 13, Ubuntu 10.04
Posts: 2,376

Rep: Reputation: 147Reputation: 147
Whilst there are such products around that talk about compiling php I was thinking more along the lines of the Zend Cache which (as I understand it) pre compiles the code and then stores it in RAM, whereas there are some other solutions that grab all the different files save them as a single large cached file which will be used to run from. This second approach is much easier to implement but it really only saves time on the opening of files, the code still needs to run through the PHP compiler.
 
Old 03-16-2008, 01:01 PM   #23
rubadub
Member
 
Registered: Jun 2004
Posts: 233

Rep: Reputation: 33
Have a look in the manual for bcompiler.
 
  


Reply

Tags
php, rss


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Adding users with PHP (pass php variables to Expect script) Jayla Programming 1 10-20-2006 10:44 AM
I dont understand PHP includes logicdisaster Programming 2 04-20-2005 04:00 PM
PHP includes lawadm1 Linux - Software 1 08-21-2004 04:20 PM
gcc pass 2 -no fixed includes patch problems? SciYro Linux From Scratch 0 12-22-2003 06:30 PM
php parsing some includes. others are not. toadeny Linux - Newbie 4 09-18-2003 09:50 AM


All times are GMT -5. The time now is 02:51 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration