PHP files that do database inserts or some other server-side tasks,
should not be accessible via a web browser. All files under Document
Root of a website are accessible by a web-browser. Document Root is
the directory on the server's filesystem. This directory contains the
files/web pages of the website.
To avoid direct access of your php files, you can keep them in a
directory that is not inside Document Root. These files can then be
included into your templates. For web applications, a configuration
file can be included in all files using a relative path. This
configuration file may contain variables like database connection
details and other configuration variables. Include for database
connection too, should reside outside the Document Root.
Variables of help
$_SERVER['DOCUMENT_ROOT']
This followed by relative path of your conf or include files can be
used on most servers.
On shared hosting server, Document Root is not defined for each
website (virtual host), so this variable shows the default value. In
such cases, you can use
dirname(__FILE__)
This gives you the value of the directory containing the file.
No comments:
Post a Comment