File name: foo.php OR foo.htm

Hello -

This has probably been asked before, but I would like to know when it's
best to name a file with either extension.


- Olumide

Re: File name: foo.php OR foo.htm



Just as you like it. The browser typically does not look at the file
extension at all. Just the MIME content type of the file is important,
and that is controlled by the web server.
I think it is best to name files with PHP code in them ".php" and
files without PHP code in them ".htm(l)" because that is the default and
should work on every webserver with PHP support.


Re: File name: foo.php OR foo.htm

Olumide wrote:


Typically, your file will only be processed as PHP code if its extension is
".php".  Therefore, you should use that for all PHP files.  HTML files will
probably be handled correctly if they are given the .php extension, but the
best practice is to use .htm (or, preferably, .html) if the file contains no
PHP code.

Benjamin D. Esham  |  AIM: bdesham128  |  Jabber: same as e-mail
He has all the virtues I dislike and none of the vices I admire.
                                — Winston Churchill (attributed)

Re: File name: foo.php OR foo.htm


[re .htm and .php]


I would say if the file or its output is text/html, name it .html.  If
the file contains PHP code, intended to be parsed, name it .php.  If
both, then both.

URLs, I would suggest not including any suffix.


Re: File name: foo.php OR foo.htm

Let's also consider some security issues...

It is never safe to reveal the technology behind the website; so, it is
safer not to show the .php extension (as well as .asp or .cfm etc...)
at all! mod_rewrite could help you.

Moreover, there are some mod_rewrite techniques that let you show the
.htm / .html extension instead of the .php / .asp etc.

Re: File name: foo.php OR foo.htm

And security by obscurity is worse than no security at all - you think  
you have security but you don't.

If your site is secure, it doesn't matter what technology you use.  And  
if it's not secure, it doesn't matter how hard you try to obscure that fact.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: File name: foo.php OR foo.htm

Jerry Stuckle wrote:

Yes, you're right. Of course there must be a robust and secure engine
behind, but...

Thanks to the hard work of php developers and sustainers, bugs in php
are found and solved quite daily; then, revealing the php technology
could be seriously dangerous if an attacker tries to deep scan (with
nmap, and similar tools) your host, allowing him to easily find which
php version the server is running and which attacks to use! Even if you
made a very robust and secure site...

IMHO, no one (except, of course ;P) should reveal the
technology behind; moreover, you should do everything you can not to
allow anyone to guess which technology you're using.
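
A header audit for your own site that bears on the point debated in this thread, added here as an example and not part of any poster's message: it checks what a response still discloses once the URL no longer ends in .php. The sample response, its version strings and the function names are constructed for illustration.

```python
import re

# Default session-cookie names that identify the platform (PHP, ASP.NET, ColdFusion).
DEFAULT_COOKIES = {"PHPSESSID": "PHP", "ASP.NET_SESSIONID": "ASP.NET",
                   "CFID": "ColdFusion", "CFTOKEN": "ColdFusion"}
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|aspx?|cfm)$", re.IGNORECASE)

# Constructed sample: response for a URL rewritten to end in .html.
# The version strings are made up for this example.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.0 (Unix) PHP/8.0.0\r\n"
    "X-Powered-By: PHP/8.0.0\r\n"
    "Set-Cookie: PHPSESSID=constructedvalue; path=/\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html></html>"
)

def parse_headers(raw_response):
    """Return (lowercased name, value) pairs from a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(url_path, raw_response):
    """List what still discloses the server-side technology."""
    findings = []
    if SCRIPT_EXT.search(url_path.split("?", 1)[0]):
        findings.append("url-extension")
    for name, value in parse_headers(raw_response):
        cookie = value.split("=", 1)[0].strip().upper()
        if name == "x-powered-by":           # PHP: expose_php = Off removes it
            findings.append("x-powered-by: " + value)
        elif name == "server" and re.search(r"\d", value):  # Apache: ServerTokens Prod
            findings.append("server-version: " + value)
        elif name == "set-cookie" and cookie in DEFAULT_COOKIES:  # PHP: session.name
            findings.append("default-session-cookie: " + cookie)
    return findings

if __name__ == "__main__":
    for finding in audit("/foo.html", SAMPLE_RESPONSE):
        print(finding)
```

On the constructed sample the .html URL produces no extension finding, yet three header findings remain, so renaming the extension alone hides nothing from anyone who reads the response headers.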

