What are the potential issues with using a .php file extension for a file that contains HTML and PHP code?

Using a .php file extension for a file that contains HTML and PHP code can potentially expose sensitive information, such as database credentials, to users who access the file directly. To prevent this, it is recommended to use a .php file extension only for files that contain PHP code and to separate PHP logic from HTML content by using include or require statements.

&lt;?php
// index.php

// Include a separate file containing HTML content
include &#039;header.php&#039;;

// PHP logic goes here

// Include another file containing HTML content
include &#039;footer.php&#039;;
?&gt;

Keywords

file extension HTML PHP code security vulnerabilities server configuration

What are the potential issues with using a .php file extension for a file that contains HTML and PHP code?

Keywords

Related Questions