Another way to stop a user from looking at or executing the files read by include() or require() is to use a different file extension for them (i.e. *.inc) and add the following to your apache configuration:
<Files ~ "\.inc$">
Deny from all
They won't execute unless used in a include() or require() since they don't have the *.php extension, and the server won't serve them up as text/plain with the directive above.