how to make the code been invisible [closed]

PHP source isn’t served as ASCII to browsers like Javascript or CSS. Rather, it is run on the server and the output is sent back to the browser. So, you don’t have to worry about users downloading your PHP source, unless you messed up your Apache installation to not parse PHP files (hint: unless you tried to do this, you probably didn’t).

With that said, I like to keep my PHP include files outside of the web root whenever possible. This means that users won’t be able to execute these scripts, but the scripts that they will execute can include them.

For example, if your index.php file is in /var/site/www, I’d put all the PHP files I can in /var/site/inc.

Leave a Comment