www.webdeveloper.com
Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: Any danger in making a .html page .php using .htaccess?

  1. #1
    Join Date
    Apr 2007
    Posts
    209

    Any danger in making a .html page .php using .htaccess?

    Hello I know there are easy ways to make an .html page read PHP code using .htaccess, that way you don't need to name a web page .php if there is a reason you can't.

    For example only
    RewriteEngine On
    RewriteRule foo.html foo.php
    or
    AddHandler x-httpd-php .php .htm html

    Is there any danger to a website when having .html pages read PHP using .htaccess?
    Please let me know thank you very much for your help.

  2. #2
    Join Date
    Jun 2004
    Posts
    316
    I remember my old programming teacher telling me one time that he used to do that but he stopped for some reason, i can't remember why. I do not think it would pose any security risks but i think he just stopped doing it for compatibility reasons, or just because it's not the standard way of doin it...
    Windows XP Professional
    256MB RDRAM (damn expensive)
    120GB HD, 2.56GHz P4 Processor
    Only 64MB GeForce4 Vid Card /w TV-Out
    Wish I had money to buy more RAM lmao

  3. #3
    Join Date
    Apr 2007
    Posts
    209
    Thank you. Any other opinions from others who know about PHP and servers and if there seems to be any danger in it? Please let me know thank you very much for your help.

  4. #4
    Join Date
    Jul 2005
    Location
    USA
    Posts
    912
    I used to do that using

    Code:
    AddHandler x-httpd-php .php .htm html
    And just stopped because of the confusion with a company that I did the work for.

    It is rather unconventional as .html is a legitimate recognized extension.

    If I was to do something similar today, I would create a custom extension like:

    Code:
    AddHandler x-httpd-php .php .holycrap
    It just becomes un-necessary in the scope of things as all server generated output sends response headers that identify the content. So, even if you named a file "mypage.html", you could tell a browser that the page is an "image/gif" in the response header.

    KISS, keep-it-simple-stupid.
    Bitter web veteran

  5. #5
    Join Date
    Jun 2004
    Posts
    316
    lmao i remember my gr. 6 teacher used that KISS line on us.. i eventually told him KISS was a rock band and I like to be complicated,, although i actually do agree with the abbreviation
    Windows XP Professional
    256MB RDRAM (damn expensive)
    120GB HD, 2.56GHz P4 Processor
    Only 64MB GeForce4 Vid Card /w TV-Out
    Wish I had money to buy more RAM lmao

  6. #6
    Join Date
    Jul 2005
    Location
    USA
    Posts
    912
    I like to be complicated
    Just remember, judging by your username, you must be young (or younger than I). As web developers, we aren't building the Taj Mahal so don't over-engineer things too much. Learn what you can but try to be practical and solution oriented.
    Bitter web veteran

  7. #7
    Join Date
    Jun 2004
    Posts
    316
    I've created many webpages, from simple to complicated, back and forth and in-between. I even went as far as to create a template that did environment-emulation using JavaScript. Remember, when I said that I was only in grade 6, and I am now 19 years of age and know the importance of keeping things as simple as possible.
    Windows XP Professional
    256MB RDRAM (damn expensive)
    120GB HD, 2.56GHz P4 Processor
    Only 64MB GeForce4 Vid Card /w TV-Out
    Wish I had money to buy more RAM lmao

  8. #8
    Join Date
    Apr 2007
    Posts
    209
    Sounds like you're saying it probably doesn't hurt anything to use .htaccess for that. Webnerd what did you mean by response header? Is there somewhere else to tell the browser that an .html page can read PHP? Please let me know if there is another way also thanks a lot.

  9. #9
    Join Date
    Jun 2004
    Posts
    316
    a response header tells the client what type of file they are trying to access (for example, TEXT/HTML). A response header could also be used to force a download (if I am not mistaken).
    Windows XP Professional
    256MB RDRAM (damn expensive)
    120GB HD, 2.56GHz P4 Processor
    Only 64MB GeForce4 Vid Card /w TV-Out
    Wish I had money to buy more RAM lmao

  10. #10
    Join Date
    Jul 2005
    Location
    USA
    Posts
    912
    In php you can send:

    Code:
    header('Content-type: image/jpeg');
    But echo out HTML after that. Of course, the browser will barf because the content is not of type "image/jpg" but ASCII text.

    What that means is, if you create a custom extension let's say, ".foobar" and let PHP parse that file. The file is really not of type ".foobar", its PHP and then you are outputting HTML which changes the Content-Type to "text/html".

    It makes sense from a server processing perspective if you have a custom application that reads custom file types but why obfuscate a PHP file type with a different extension? It becomes just one more thing to explain to people that work on the site.

    Bad practice, not necessarily, but in the grand scheme of things, in will only make a difference to you as the programmer.
    Bitter web veteran

  11. #11
    Join Date
    Apr 2003
    Location
    Netherlands
    Posts
    21,654
    W3C recommends not to show the extension.
    http://www.w3.org/Provider/Style/URI
    At least 98% of internet users' DNA is identical to that of chimpanzees

  12. #12
    Join Date
    Apr 2007
    Posts
    209
    I didn't think you'd want me to bore you with details but sounds like it would help to know reason why. I have an .html page I need to put some PHP in because can't name the page .php because too many search engines it is in will drop it completely forever or for a year or more and that's a real bad thing. The php code for the .html page also uses cookies and needs to use cookies. Since it uses cookies the code doesn't work right being pulled into an .html page with a server side include command. This left the .htaccess that it did work with but was making sure there wasn't any danger in doing that. On the header information you're talking about. What kind of header could be included so an .html page reads PHP? Please let me know thanks a lot.

  13. #13
    Join Date
    Jan 2009
    Posts
    9

    Smile

    Thank you Fang for the redirect here.

    vortexer I kind of want to do the same thing as you, I have an html page on which I want to use php [for the external menu] but don't want to rename my html page as a .php. I haven't managed to get my .htaccess file to redirect yet [like it sounds you have] but must echo your question because it closely mirrors my own situation. I'll be watching this thread.
    I have a theory that it's a demon, a dancing demon, nahhh something isn't right.... Rupert Giles

  14. #14
    Join Date
    Apr 2007
    Posts
    209
    Adancingdemon, I'll give you the directions on the .htaccess in a private message. But we're still wondering is there any way to make an .html page read PHP code using a page header of some kind instead? As webnerd was indicating maybe above? Seems like that would be even less work than .htaccess if it works. Please let us know thank you very much for your help.

  15. #15
    Join Date
    Apr 2003
    Location
    Netherlands
    Posts
    21,654
    Any header in a (html) file will have to be parsed as php. The server has to know which files to parse. Use the htaccess file to set this.
    At least 98% of internet users' DNA is identical to that of chimpanzees

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles