
Prevent PHP code exec in subfolders


tibiz


Hello,

 

I have a directory tree for my project:

 

/www/CMS/

/www/CMS/files/

/www/CMS/files/Images

/www/CMS/files/Documents

 

The user is able to access the content and subfolders of files/ via FTP, which is the place for his stuff.

 

My question is, how can I prevent PHP scripts from running in files/, files/Images/, files/Documents/ using .htaccess,

because I tried running <?php echo file_get_contents("../../index.php"); ?> in /www/CMS/files/Images/ and it displayed my code.

 

I have a .htaccess file:

  RemoveHandler .php .phtml .php3 .php5

  RemoveType .php .phtml .php3 .php5

  php_flag engine off

but if I place it in /www/CMS/ it stops my project from running; if I place it in /www/CMS/files/, the .htaccess can simply be deleted by the user via FTP.

 

Thank you for any help.


(same question but in a simpler way)

 

How do I set up .htaccess to apply the functions:

  RemoveHandler .php .phtml .php3 .php5

  RemoveType .php .phtml .php3 .php5

  php_flag engine off

only to the subfolder .../files/ and its content, but the .htaccess must be placed in the root directory?

Thank you for an answer.

 

Modification of httpd.conf and setting ownership are not possible on my hosting. I am not running my own web server. So the last option is to set up .htaccess so that its settings affect the subdirectories but exclude the root directory where the .htaccess is.

 

The only known good and working situation is (but I don't like it):

 

</root/>

  *.php all CMS files

</root/subdir1/>

          *.htaccess disabling running scripts as described in my previous post

</root/subdir1/subdir2/>

                        the place for all third-party user's stuff accessible via FTP
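
One way to get the subfolder-only effect from the root .htaccess, as an added example that is not from the thread: it uses mod_rewrite to refuse requests instead of the RemoveHandler / php_flag directives quoted in the posts, and assumes the host has mod_rewrite enabled and allows it in .htaccess.

```apache
# /www/CMS/.htaccess  (added example; any rewrite rules the CMS already
# has go below this block so this rule is evaluated first)

# Deliberately no <IfModule mod_rewrite.c> wrapper: if the module is missing
# the site fails with an error instead of silently leaving files/ unprotected.
RewriteEngine On

# In .htaccess context the pattern is matched against the path relative to
# this directory, so "files/" means /www/CMS/files/ and everything below it
# (files/Images/, files/Documents/, ...). The CMS scripts in /www/CMS/ itself
# do not match and keep running.
#
# The extension list is the one from the posts (.php .phtml .php3 .php5).
# "(\.|$)" also catches names where such an extension is followed by another
# one (x.php.jpg), which some handler setups still pass to PHP.
# [F] answers 403 Forbidden, [NC] makes the match case-insensitive.
RewriteRule ^files/.*\.(php|phtml|php3|php5)(\.|$) - [F,NC]
```

This refuses the HTTP request rather than switching the PHP engine off, and it covers only the listed extensions. It also depends on no .htaccess inside files/ overriding it, so the FTP account still must not be able to write .htaccess files there.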
