I am confused as to what constitutes " best practice" for the structure of a PHP web-based application. Reading this site there are a number of suggestions. One structure frequently mentioned is "do not have any php files inside the document root". While this sounds like good practice, I cannot see how it works - the web server doesn't recognise anything outside the document root. I assume here that document root is the public access directory, something like as shown below:
app-
|
- htdocs - document root
| |
| - index.php
| - css/
| - images/
|
- PHP classes in here/
- Other PHP classes in here.../
Or is it that "app" in the above example is the document root, and the htdocs dir is the publicly accessible area of the site structure?
Following on from that, how do I ensure public access is not available for the files in dirs other than htdocs please?