PHP file security on webserver

Question

I\'m slowly learning PHP, MySQL, along with some HTML, using localhost as my webserver. However, I\'m starting to wonder how my .php files are going to be secured if I put this

Answer 1

Try to download the .php file on your localhost. You'll find that all you get is HTML code. This is because of how a server works. Here is an example with a php file

1. Client (usually a web browser) sends a HTTP request to the server, i.e:

   GET /app.php HTTP/1.1

2. The server takes the request and processes it. In the case of a php file, the server should process the php file into HTML.

3. The HTML is returned to the client.

If you are using Apache, and want to make sure that the php files are being processed, make sure these rules are in your apache2.conf:

LoadModule php5_module modules/libphp5.so
AddHandler php5-script .php
AddType text/html .php

And, just for fun, if you did ever want to expose your php source, add this line to apache2.conf:

AddType application/x-httpd-php-source .phps

To be secure, make sure that your mySQL configuration files and anything else you don't want public are stored outside the directory you are serving up. The apache docs are a great resource for understanding how all this works.