PHP file security on webserver

Question

I\'m slowly learning PHP, MySQL, along with some HTML, using localhost as my webserver. However, I\'m starting to wonder how my .php files are going to be secured if I put this

Answer 1

While there is not a direct problem with doing this, (many applications do this, and since the source cannot be seen without hacking your site), many applications solve this using a 'frontcontroller'. A frontcontroller is used a lot in MVC structured (Model, View Controller) applications.

A typical structure is like this:

app/ (applications, controllers and views)
lib/ (libraries, generic logic)
config/ (your configurations)
web/ (your webproot, only for css, images, javascript etc.)
web/index.php (your frontcontroller)

By only exposing index.php and placing all php and sensitive files outside of your webroot they will not be accessable for anyone from the web.