Security of PHP script, embedded or otherwise

Question

I am curious about the security of PHP on an HTML webpage where PHP code is embedded (a webpage that would exist on the server as \"webpage.php\") or on a PHP script that ma

Answer 1

One simple thing you can do to guard against a simple server mis-configuration is to have the HTML file include a PHP file which is outside of the document root (at or above the level of the document root, usually "htdocs"). That way if there was a brief misconfiguration all the user would get would be the path to the included file, but they would not be able to load that included file directly in their browser.