So currently my websites are structured like this:
/private
/databaseconfigfile.php
/otherprivatestuff.php
/public
/index.php
/pages
/page1.php
/page2.php
I import these private files at the top of each page using:
require_once('../databaseconfigfile.php');
So I can access the define variables within them to populate/generate content.
They contain things like database details, API keys for various 3rd party tools like SMTP, AWS, etc. Is this the correct approach? Or should I be using a different PHP function/approach to access private files? I'm concerned that this approach may be prone to directory traversal attacks.
