A friend has asked me to clarify some of why & how I structure my development directories , which generally start out like this:
Here, in essence, is what I told them.
How about you make a file called awesomepassword.php and give it this content:
<?php define('AWESOME_PASSWORD', 'superCoolPassword76783489'); ?>
Now stick it in your project’s root folder. Now if you browse to yourDevelopmentUrl/awesomepassword.php you get a blank white page. Oh well, not a problem, right? Now, just as an illustration, rename the file awesomepassword.php to awesomepassword.ph
and then browse to yourDevelopmentUrl/awesomepassword.ph
and see what you get!
Having every script be public isn’t the best approach.
Obviously this typo example isn’t hard to avoid, but there are a variety of other similar benefits to having your root folder not be public. For instance, your included scripts (classes, methods, functions) could and should not be directly browseable. Your config files can be non-browseable as well, as per the example above. Ideally, you could also make the www/ folder really clean, with only a single php file in it, like index.php to be used for pretty urls.
(pretty urls are a great help when coding a site in php, so I’ll get into them at another time, in another post)