Hudzilla.org - the homepage of Paul Hudson

17.1.3 Put key files outside your document root

This is NOT the latest copy of this book; click here for the latest version.

Your document root is the root directory of your web server. That is, if your site is example.com, the root directory would be the directory that http://www.example.com/ points to. For example, on Linux this is often /var/www/html, and on Windows this is often c:\wwwroot.

As long as you have the permissions set up correctly, PHP can read from any file you want inside scripts. However, unless you configure Apache to do otherwise, users will not be able to load files from outside of the document root directly through their web browser. That is, if you place your files in /var/www, and the "highest" directory your visitors can get to is /var/www/html, then the files are safe.

<< 17.1.2 Choose your file extension carefully		17.1.4 Remember that most files are public >>
Table of Contents

Want to see this stuff in print? PHP in a Nutshell takes the core topics covered here, adds in thousands of edits from the editorial team and myself, and combines them to make an unbeatable reference for PHP programmers at all levels.

My latest book has hundreds more tips on how to use PHP, Apache, and MySQL, plus Perl, Python, shell scripts, performance tuning, and more!

Be the first to add a comment to this chapter!

Add comment
Please note that by posting a comment here you are committing it to the public domain. This is important so that others can make use of your code themselves, and also so that I can incorporate helpful notes directly into the main text. Comments are limited to 2000 characters in length.

If you are reporting an error in the content, please tell me directly.