View Full Version : dynamic.inc.php??protected

10-17-2003, 05:29 PM
i read somewhere that the
has three parts

dynamic =filename
inc = inclusion tag
php = php extension

the articel said that if files are included in this format then this file will only run if it is included in any other php file. and anyone who tries to access the file by directly typing the URL in the browser wont be able to execute it.SO is this true and safe method of including files?

second thing if the file for example is located at htis url


i want this file to execute only from from this domain i.e. www.abcd.com and abcd.com ..so what n how cani make this happen?help..

10-17-2003, 05:51 PM
I've never heard of that before.

If you give an include file a .php extension and you haven't changed the default permissions for the file or directory it is in then it will go through the PHP parser and any commnds in it will be executed and if there is any output it will be sent to the browser. They will not be able to see the code for it of course but they can still execute it.

If your include file has the comoon .inc extension and you haven't changed the default permissions for the file or the directory it is in then anyone can view the contents of that file.

It is usually best to place your include files above the root directory of your website. That way the public cannot access them. Or at the very least make the directory they are in not accessible to the public by changing the permssions on it.

There are lots of different methods of hiding/protecting include files.

10-17-2003, 06:37 PM

protecting the includes files by setting permissions.... do u mean read only...folders.? will i have to do that by using some scripts or by talking to my hosting company? any link or info about it on net?

10-17-2003, 07:03 PM
The easiest way would be to use a .htaccess file if your host allows that.

You could put the .htaccess file in your root directory and put something like this in it:

<Files .inc>
order allow,deny
deny from all

This would deny anyone from viewing or accessing files with .inc extensions in your site.

You could also CHMOD each and every file with the proper permissions not allowing the public to access or execute them. Or you could CHMOD the directory that the include files are in. You can find plenty of information in the forum on CHMOD by using the search feature or googling for it.

Like I said there are many effective ways but the most effective is of course putting the include files in a non-web accessible directory like above your root directory.