As you know PHP files are never shown by the server.  Instead they are processed and the end result is shown.  If the server is properly set up there will be no way around this.  If a file has a .php extension then the server will process any PHP in it and only send the end result to the browser.  Copy _databaseinclude.php and call the new copy _databaseinclude.html.  If you did not do the SQL tutorial just use any PHP page and rename it to look like HTML.  If Windows is hiding your file extensions it may be easiest to do this by opening the file in your editor and saving as.

Open the new file in your browser and you will see the PHP code has not been processed.  View source to see what has happened.  If the PHP code included database table names or user names and passwords you would have just revealed dangerous information to the user. 

Files with extensions not recognised by the Web server will be displayed as plain text (in the browser). So never keep notes, backup copies of files or anything else where users could guess their URL and see them.  Save that file as .txt, .bak, .inc or .doc to see the problem.  Once PHP programmers were told to use .inc for included files so you might see some.  If you do see any rename them as PHP (and change the include() code) and they will work the same way but safely.

But surely they need to know the file name?

Thanks to Google no!  Put this search in and you should find plenty of unprotected sites:

ext:inc "pwd=" "UID="

That searches for .inc files which contain those exact strings (which are commonly used to refer to user names and passwords).  Change pwd to password and/or UID to username (or pass and user) for even more. All you need to do is guess what the coder would have called his variables.  Once you have the user name and password you can log in to the SQL server or other database and start hacking.  Don't because the site owner might be a genuine and nice person who has let an idiot create their site for them.  It is the idiot who should suffer not the site owner.  Maybe you could tell them?  It might end up as some business for you (although the sites are probably old and dead).