I have a site that uses a number of includes (for footer, email processing, etc.). I am also using AJAX, which calls a particular URL to load the data. I am a little confused as to where these files should be located on the server. I assume that, for security reasons, it is a bad idea to have the files or paths visible to the public. However, when I place the files outside of my public_html folder, merely using "./filename" doesn't work.
UPDATE: Unless I provide the full path name, the include does not work. I receive an error when I use the following path include:
<?php include('../includes/footer.php');?>
The footer file is located in the following path: home/user/php/includes/footer.php.
My site is located at: home/user/public_html/site.com/files
UPDATE 2: I added a new include_path: "/home/user/php". I changed the include to "includes/footer.php". It is now working properly.
However, if anyone else has any thoughts on my original question I'd appreciate it.
It looks like you may have it outside your document root.
If your website has to be in /home/user/public_html (or similar) try putting your includes folder in /home/user/public_html/includes and just refer to /includes
Yes, there is an argument for not having files in public accessible areas, but if you have coded your PHP files well it shouldn't be a problem.
People can't see the source and with simple error trapping e.g. is the user logged in, or does the form submit field have a value, you can boot them back to an error page or wherever you like.