PHP script are usually naked, but sometimes we need to capsulating out script for security reason or commercial. There is many way to hide our script, we can use Base 64 Encoding combined with Inflate Compression function and other PHP function that can be reversed. This is the only reason why we need to avoid encrypt the code using PHP function. Every encrypted script need to decrypt first before they run. What should we do is just set a tricky scenario to encrypt and or decrypt back.
I’ve try to using compiled PHP script. I use Bambalam PHP EXE Compiler/Embedder, a light and fast compiler to bundling our PHP script including library, CSS, and external file, except image, sound, and other multimedia file.
There is many way to invoking our compiled script. We can put them into CGI or just execute them using PHP shell execution function (read the PHP Documentation).
We should design a n-Tier PHP application, then assuming we have a web server with PHP, an application server, and a database server. In this case, an application server is used to put our compiled PHP script and external library. Classes wrote in PHP script that we’ve compiled. Some of our class is used to accessing database server and then compiled class script sent back to web server to displaying the result. So here, a web server is used to show user interface.
I think this way is secure enough to hide our PHP script.