Protecting PHP Includes

In order to create a PHP file that is inaccessible from the WWW, please follow these instructions.

1) Create a directory within your public_html directory
2) Password protect the directory
3) Add the files that you do not want to be accessible to the protected directory

As PHP accesses files internally, it ignores password protected directories. However, if anyone tried to directly access those files from an external source, they would be prompted for a username and password.

An alternative method would be to store the file outside of the web root. So, if you have a script located at:

/home/sites/yoursite.com/public_html/thescript.php

You could place your database connection file here:

/home/sites/yoursite.com/dbconnect.php

And in 'thescript.php', you would have this line: include('/home/sites/yoursite.com/dbconnect.php'); Thus, keeping it away from the web.