hi, how i can hide the .php file extension? i want also to display a different file extension (for example. file.phtml)
Set expose_php=off in your php.ini file. Also see this for the rest of your question... http://www.usphp.com/security.hiding.html
you add this this code to .htaccess RemoveHandler .html .htm AddType application/x-httpd-php .php .htm .html Code (markup): and save your PHP files' extensions as .html, so all HTML files will be parsed as PHP.
Ive seen sites that no matter where you go on the site, the url always stays as www.domainname.com with no /index.php or anything. how is this possible? also, expose_php=off didnt do anything for me just thought id see what it did, and it did nothing.
You may need to restart apache for changes to php.ini to take effect. Basically, it doesn't hide the extension itself, but it does stop your server sending header directives that say the page was served by php (which mod re-writing doesn't remove by the way). You'll still need to do the other mod re-writes pointed out but without this basic setting, you'll be serving a page that says html with your server broadcasting that it's really php. (Who knows what Google makes of that!) The other option you may want to consider is to place each page in a seperate directory and call each one index.php. That way you can refer to every single page just as: http://www.mysite.com/directoryname instead of: http://www.mysite.com/pagename.php As for the url staying the same no matter where you go, whilst it may be funky, what on earth's the point? It means you can't gain any deep links and no one can bookmark a particular page that they are interested in. It's very un-user-friendly. Besides, the way to do it will inevitably mean you need to rewrite your entire site. I have to say, I don't much see the point in hiding the php extension either. It only adds a very thin layer of security and won't stop anyone trying to hijack the site with php/mysql exploits as these things are generally done by robot on sites regardless of what they say they're written in.
Well, here's how I'd do it (method 1)... Normall, the index.php is picked up by default - even if not specified. So any call to http://www.domain.com/ is interpretted as meaning http://www.domain.com/index.php (all depending on how your server is confgured). So, index.php gets loaded and then has clickable links which are form submits which post the action and any data back to index.php (posted data isn't visible on the url) Here's how I'd do it (method 2)... Ajax. That's pretty much it's reason d'etre.