.inc files

[jimfog]

Is it necessary that files that need to be included in other files/scripts-using the require statement for example-have the .inc extension?The .inc file extension, what exactly its utility is?Why not end these files with the classic .php extension.I am talking about files that contain classes and are included in other scripts. In a book i am reading, a file which contained a class and and was required in another file had the .inc extension and i cannot understand why.Thanks.

[jeffman]

The convention exists for developer sanity and continuity.The .php extension tells the server to pass the text through the PHP interpreter. When text is included into a script that is already executing, the interpreting context is already turned on. So from the server's standpoint, the extension of an included file makes no difference at all.From your standpoint as a developer, differentiating the purpose of certain documents may help you look at an existing site and very quickly figure out what's going on. If you can do that in other ways, and if you don't expect your documents to be "inherited" by a later developer, do whatever works for you.The argument can easily be made that if an include file is all or primarily PHP code, a .php extension would help distinguish it from an include file that is all or primarily HTML.

[justsomeguy]

Also, something to keep in mind: if you name your include files with a .inc extension, and they are publicly-available, if someone browses to that URL the server will show them the code in the PHP file. That will not happen with a .php extension. If you're keeping sensitive details inside the include files, either make them PHP files or put them in a place where people can't directly access them online.

[jimfog]

Also, something to keep in mind: if you name your include files with a .inc extension, and they are publicly-available, if someone browses to that URL the server will show them the code in the PHP file. That will not happen with a .php extension. If you're keeping sensitive details inside the include files, either make them PHP files or put them in a place where people can't directly access them online.

Let us get this straight, but i need to completely understand this, security is very important.You are saying that files with the .inc extension, there contents can be viewed from visitors.You mean, in the cases, where these files are in a folder and exist as a STANDALONE, not included in an other script?Or there is also a danger when these files are included(with the include PHP statement) in another file which has the .php extension?

[thescientist]

only if they are viewed standalone and are within the webroot.as he said, if it contains sensitive information, put it outside the webroot. (or give it a .php extension when keeping it within the webroot)

[justsomeguy]

You are saying that files with the .inc extension, there contents can be viewed from visitors.

I'm saying that your server probably treats .inc files differently than .php files. Somewhere your server is configured to look for .php files and send them to PHP. It probably doesn't have any configuration like that set up for .inc files, so in the case where there's nothing special set up for it, the server usually just delivers the contents of the file to the browser as text. You can configure the server to do something like block access to .inc files if someone requests one directly, but it's just as easy to use .php for your include file extension instead. I use a folder called include, and it contains files like class.db.php, class.session.php, functions.utility.php, global.config.php, etc. Someone can type the URL to one of those files into a browser and just see a blank page, they won't see my code.

Or there is also a danger when these files are included(with the include PHP statement) in another file which has the .php extension?

That's not how including works, you can include any file you want and PHP will assume it's going to contain a mix of PHP code and any other content that it will send to the browser as output. The filename isn't relevant when you're including a file.