I believe that is a php.ini file not .htaccess but doing that in the php.ini will work fine.
Well I would recommend that instead of using a .htaccess file to password protect the files, instead use actual php code to protect the data and of course any sensitive data would be in a database where only php can access it when programmed securely.
Perhaps a google search will answer that.

If you have any classes, functions, ect. you need to move them behind the document root (same folder as public_html on most hosts). Then you just included them.

You need to add a php.ini file and protect it with .htaccess. This means you put your php configurations in the php.ini and disable people from viewing in their browser via .htaccess.

In your .htaccess file:

Also disable the directory listing so people cannot see what you have on the server.


Here is a good php.ini example:

php.ini usually only works on a per directory basis so if you have multiple folders that need the same configuration, you need copy the same php.ini into each directory. (Spent hours finding this one out)

If you do not have uploads on the site, make sure you turn file uploads to 'off'. Also, if you don't need to access remote urls then turn off allow_url_fopen.

Make sure you leave the error logging part of the ini file. This will make it so all errors are logged to a central location and not in the directory of the file which had the error. The reason for this is so hackers cannot see the errors of the site, which might help them hack it.

If you use sessions, make sure you change the location of where they are stored. If another account is compromised on the server, a hacker could get into the tmp directory where your sessions are and steal info/hijack a session.

Here is a link on changing it: http://us3.php.net/manual/en/functio...-save-path.php
You can also do it through php.ini.

Make sure the directory where you are storing the sessions is not accessible to the public.

I wouldn't use http authentication with a .htpasswd file. At least use a database to store the login info. A login system with php (like cwarn23 said) would be best in my opinion. I posted a good example at: http://www.daniweb.com/forums/thread212083.html

I understand it will save it in logs folder, but what does file extention does it need to be?
What i dont understand is, cant i just disable it rather than saving it? I mean lets say my website is done and i will never update it (which isnt the case lol) can i not just disable it, can you please tell me why i need it and if so can i not save error to mysql database?


Thank you for your information, it has been printed and sace , I think its now time to learn PHP correctly rather than doing shortcuts.

It doesn't need one. You can make one up if you want to.

Error logs can tell you a lot. Errors shouldn't be shown to your users, so I something goes wrong you need to be able to find the error somewhere. Always have the error log on.

You can also use


rather than use .htaccess or if you can't amend the php.ini file

change your php.ini file

Hello,

I would like to ask, if i will be able to save all errors to mysql rather than a log file.

also is it possible for me to be able to save any errors which end users make for example, a user enters user name and enters wrong password, can i save that error?

The easiest way to make it save into a mysql database is simply by setting up a cron job to automatically transfer the data from the error log file to the database. And as for the error of wrong passwords, simply append to the log file which the cron task will then take care of. Hope that theory helps.