PHP

troy beckett
12,035 Points

storing include files securely

I'm reading a book trying to learn PHP. I've got to a part about includes and how you need to store them securely. For some reason I can't totally understand what the book is saying. This is what the book says:

"The best place to store include files is a directory where outside users cannot access them. For example for your website, set up an include directory that is outside your webspace. That is a directory in a location that outside users can't access using their browsers."

Can someone explain what this method is? If possible, could you give me an example? I'm currently using XAMPP. It seems simple, but I just can't picture it in my head.

1 Answer

Codin - Codesmite
8,600 Points

Let's say you have the file structure:

/root/index.php - Accessible in web browser via www.yoursite.com/index.php

/root/includes/header.php - Accessible in web browser via www.yoursite.com/includes/header.php

Whereas if you had the includes folder at the same level as the root folder:

/root/index.php - Accessible in web browser via www.yoursite.com/index.php

/includes/header.php - Not accessible in web browser, as there is no URL location outside of the root folder. It is still accessible server side in your PHP file by targeting the server location rather than the URL.

To access header.php for example in your index.php file you would simply do the following:

<?php 
   include('../includes/header.php');
?>

As index.php is located in the root folder it will go up one level to the folder containing the root folder.

troy beckett
12,035 Points

I 100% understand what it's doing now so thanks a lot, the only thing that is confusing me is how you set it up so your includes folder is the same as the root folder. Maybe it won't become clear until I try to actually launch a website using php.

For myself, I'm currently using XAMPP. What would you consider the root directory in XAMPP, and how would you set up the folders to achieve something similar to what you described above?

Thanks a lot though, as you made everything a lot clearer to me.

Codin - Codesmite
8,600 Points

I've made a screenshot of one of my web servers connected via FTP in the FileZilla FTP program: http://codesmite.com/rootexample.jpg

This is the FTP view of the server's file directories.

My root folder is "public_html". As you can see, I have a folder called "private". I store my database passwords in an ini file in that folder, as it is not accessible via URL and only by people that have access to the server.

I believe the XAMPP root folder is called "htdocs".

troy beckett
12,035 Points

Thank you so much for taking the time for that screenshot, really appreciate it.

I just want to make sure I've got it right in my mind:

  • firstly, you're right, "htdocs" is the root folder in XAMPP
  • so to achieve what I'm asking, all I need to do is make a folder outside "htdocs", called for example "includes", and then reference this folder using absolute paths in an include, and that should protect them better.

Codin - Codesmite
8,600 Points

Correct :)

If you are looking for a very secure way to store database passwords in PHP as well, check out my answer to this question:

https://teamtreehouse.com/community/whats-considered-a-safe-protocol-for-accessing-a-database-on-the-web
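
The layout confirmed in this thread, as an added example that is not part of the original posts: it builds a constructed `htdocs` web root with a sibling `includes` folder in the temp directory and includes `header.php` through an absolute path. The helper name `private_include_path` and the directory names are assumptions, and the check that the resolved path stays inside the includes folder goes one step beyond what the thread covers.

```php
<?php
// Constructed layout under the system temp dir (names are assumptions):
//   <tmp>/site_xxxx/htdocs/index.php     web root (XAMPP: htdocs), reachable by URL
//   <tmp>/site_xxxx/includes/header.php  sibling of the web root, no URL maps to it
declare(strict_types=1);

// Hypothetical helper: resolve $name inside $includesDir; refuse anything that is
// missing, escapes the directory, or sits under the web root.
function private_include_path(string $includesDir, string $docRoot, string $name): string
{
    $sep  = DIRECTORY_SEPARATOR;
    $base = realpath($includesDir);
    $root = realpath($docRoot);
    if ($base === false || $root === false) {
        throw new RuntimeException('includes directory or web root not found');
    }
    // The point of the layout: the includes folder must not live under the web root.
    if (strpos($base . $sep, $root . $sep) === 0) {
        throw new RuntimeException('includes directory is inside the web root');
    }
    // realpath() collapses "../" and symlinks, so a prefix comparison is reliable.
    $path = realpath($base . $sep . $name);
    if ($path === false || strpos($path, $base . $sep) !== 0) {
        throw new RuntimeException("refusing to include: $name");
    }
    return $path;
}

// Build the constructed demo layout.
$site = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'site_' . bin2hex(random_bytes(4));
mkdir("$site/htdocs", 0700, true);
mkdir("$site/includes", 0700, true);
file_put_contents("$site/includes/header.php", "<?php echo \"<h1>Header</h1>\\n\";");
file_put_contents("$site/htdocs/index.php", "<?php // page body\n");

$docRoot  = "$site/htdocs";          // in a real page this is __DIR__ of index.php
$includes = "$docRoot/../includes";  // one level above the web root

include private_include_path($includes, $docRoot, 'header.php');  // prints the header

// Names that resolve outside the includes folder, or do not exist, are rejected.
foreach (['../htdocs/index.php', 'missing.php'] as $bad) {
    try {
        private_include_path($includes, $docRoot, $bad);
    } catch (RuntimeException $e) {
        echo 'blocked: ', $e->getMessage(), "\n";
    }
}
```

Run it with the PHP CLI (`php example.php`). In a real XAMPP page, build the path from `__DIR__` so the include does not depend on the current working directory.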