the php include(); function

[blondegeek]

Hello there,

I'm cleaning up the code of my website and I've stumbled upon the very tempting php include(); function. I'd love to use it because then obviously I only have to edit one page to affect all pages linked to it, BUT I definitely don't want any of my information that I include (such as global command to link to my SQL database) to be put at any risk. Is there anyway that the include command could present a security risk to my website? It might seem like a n00bish question, but I'd rather be safe than sorry. (Oh, by the way, I'm only using the include command on my own server, not to get stuff from one to the next...just in case that makes any difference.)

And while I'm posting in this specific forum: How safe is FTP or even SFTP? And I don't mean as far as others being able to intersect files, but being able to crack my username and password. Is is safer to use a password protected php operated file browser or is that exactly the same as using FTP?

Thanks!

 

[0x0161]

I'm cleaning up the code of my website and I've stumbled upon the very tempting php include(); function. I'd love to use it because then obviously I only have to edit one page to affect all pages linked to it, BUT I definitely don't want any of my information that I include (such as global command to link to my SQL database) to be put at any risk.

I was just checking out you're website as well as proof reading all the source code. I see one risk in their. Also, just a little F.Y.I I wouldnt use my real information to register you're domain with a web hosting company.

You should change the domain to 'hotblondegeek.net' just my two cents.

btw, wheres the skipper? Fallbrook High School
--->2007 North Division Junior Varsity Champion<--- pretty good. Anyways, to answer your question

How safe is FTP

Oh about as safe as any other 'clear text' protocols.

Just my two cents.

0x0161