I was playing with some PHP and I am confused about something, hence my posting to you guys here.

I created a file with some simple code as follows

<html>
<body><?php
$d=date("D");
if ($d=="Fri")
echo "Have a nice weekend!";
elseif ($d=="Sun")
echo "Have a nice Sunday!";
else
echo "Have a nice day!";
?></body>
</html>

I saved the above as an test.html file and tried to view it and it did nothing. Soooo, I did this


<?php
$d=date("D");
if ($d=="Fri")
echo "Have a nice weekend!";
elseif ($d=="Sun")
echo "Have a nice Sunday!";
else
echo "Have a nice day!";
?>

I saved this as as test.php and it worked the way I expected.

Why does it not work as php code embedded within an html file but it works as a stand alone php file?

Thanks for the help.
Tigg

<html>
<body><?php
$d=date("D");
if ($d=="Fri") {
echo "Have a nice weekend!";
}
elseif ($d=="Sun") {
echo "Have a nice Sunday!";
}
else {
echo "Have a nice day!";
}
?></body>
</html>

Save that as a .php file and it will work fine. All php must be in a .php file for the server to know to parse it. :yes

Actually, you can configure MIME types to allow the httpd service on Apache to parse PHP code:
application/x-httpd-php .htm .html

If you're running Cpanel on your server, you can go to MIME types and adjust it there. I'm not sure about Plesk or other control panels. I'm also not sure about how to do this manually using SSH, but I'm sure there's a pretty easy way - perhaps in php.ini? Someone can probably weigh in on that...

If you're running a Windows server, I have no idea how to help you. :)

thanks guys, I will give it a shot.

Actually, you can configure MIME types to allow the httpd service on Apache to parse PHP code:
application/x-httpd-php .htm .html

If you're running Cpanel on your server, you can go to MIME types and adjust it there. I'm not sure about Plesk or other control panels. I'm also not sure about how to do this manually using SSH, but I'm sure there's a pretty easy way - perhaps in php.ini? Someone can probably weigh in on that...

If you're running a Windows server, I have no idea how to help you. :)

I'm not a PHP expert but here are a few things that I did.

For Windows or Linux Apache server, I can have any text file with any extension as I like and treat them as PHP. I do this by editing (as mentioned by Eric ) the httpd.conf ( located inside conf folder in Windows ) at this line:
application/x-httpd-php .ir .mine .happy .any .his .her .dot .hehe

I implemented ".ir" for testing on Linux here : www.iresource.info , where I used CPanel to add ".ir". I can use .htaccess text file for the same purpose.

I dare not touch php.ini file much except on a few places:
> set location of my temp directory to save php sessions
> increase or decrease the max size of my upload files via php scripts
> switch magic_quotes on/off
> switch globals on/off
> enabling/disabling some extra modules like gd2, java etc

For main php files, I save it as ".php". For auxiliary or include files, I normally saved as ".inc". This way I dont get confused.

But I maintain a simple "index.html" eventhough I have "index.php" as default, just in case my php server died, scripts corrupted and for yahoo/google search bots to do their jobs faster.

Great tips azmanar for a PHP beginner like me! I wish I had more time to learn it. :)

...
For main php files, I save it as ".php". For auxiliary or include files, I normally saved as ".inc". This way I dont get confused. ...

You may also want to add that .inc extension to the php handler otherwise anyone can view the code by browsing to that page directly...since there is no php handler it will render the code as plain text in the browser (unless another handler is defined elsewhere). At least this is the way MIME Types work in IIS, I don't have much Apache experience.

You may also want to add that .inc extension to the php handler otherwise anyone can view the code by browsing to that page directly...since there is no php handler it will render the code as plain text in the browser (unless another handler is defined elsewhere). At least this is the way MIME Types work in IIS, I don't have much Apache experience.


That is a good suggestion. I was wondering about that. Here is another related question. If you have a file that uses the include or require commands to reference a php file, how secure is that referenced php file. I tried this and was not able to see the source when I used this other file, even when I browsed to it directly and did a view source. I am just curious how secure that file is.

Thanks
Tigg

Tigg,

What BNKrazy pointed out is very important and really depends on how the web hosting provider configures his service for you. I normally verify.

I gotta be pretty sure on how the Apache server reacts
>> when using "something.inc" as a config files.
>> when there is no default index file in a directory

This test server has not been configured with ".inc" as php handler and has not been configured to autodetect a directory without index ( so no "403 -Unauthorized" message, thus making my directory naked).
www.azman.info/myTest (a simple test I used for servers with dynamic web apps).

Best is to add ".inc" to php handler mime types and configure hidden directories to 403 ( or add redirect index file in it).

Some people named their config folders and files with predictable names ... ..... very risky.

...If you have a file that uses the include or require commands to reference a php file, how secure is that referenced php file. ... I am just curious how secure that file is...

As long as all files with code in them are handled by php or something other than simply output as html you should be fine.

To avoid MIME type issues, I simply place all my include files in an /inc folder with normal scripting language extensions...you will never have any trouble that way.

And, you can configure .htaccess for any folder on your server to disallow directory listings. It's pretty straightforward.