I've made a config.php file which contains all definitions and variables that should be used in all over my website, and I should include it in every single page (paying attention at different relative paths)...
Is there a way to make this file automatically visible from all PHP files without manually including it every time?
Or is there an alternative way to make all constant definitions visible everywhere?
Thank you.
A way is to build your web PHP app with an unique enter point, instead of several points (different PHP files). This unique point will be the main index.php, wich will load config.php and also the PHP file according for the requested URL. So, in your operating PHP files you don't need to include config, because they're included by index.php instead. This is a strategy matter. Obviously, you need to think well before start to build. Or you can rely on an existing framework or something.
Related
Please help me to understand how not to overcomplicate my site.
For example I have files:
index.php
other.php
etc...
these files have such code
include '../dir/index.php';
include '../dir/other.php';
etc.
How to have url like "site.com/news.php" without having actual file news.php, because only one thing it does is including code?
You have to configure your Apache to send all request to you main PHP script. You can do that via different ways. The "regular" way would be to use a .htaccess file and some mod_rewrite settings. Then within your main script you have to handle the problem of not finding the file which was requested. But be careful you can create a lot of security sink holes. For example if you just parse the request parameters and without sanitizing include a file.
For that you should just look at some modern PHP frameworks like Symfony, Laravel and others. There this kind of stuff is already handle quite well.
So I have a website with more than 10 pages. Now I want to export the head section, the header and the footer to other files, in order to facilitate further editing of any of those section, without having to go through every single page. Is it possible to make a header.html and have the other html files import the code from the separate file?
What you're describing is an "include" and here's how to do it with PHP. I recommend using a server side language like PHP to do the include because it will definitely be indexed by Google and you don't need to worry that the user has javascript disabled or poorly supported.
First of all, you won't be able to do this unless your webpages are either saved as PHP (with .php extension) or your HTML pages (.html extension) are being parsed by PHP. Obviously you'll also need PHP running on your server.
Take the chunks you want to "include" and save them into their own files (header.php, footer.php, etc.). Put them in their own folder under your assets area (such as a directory called includes or inc). Then, in your web pages, use PHP to include those files:
<?php include_once($_SERVER['DOCUMENT_ROOT'].'/include/header.php') ?>
I like to use the $_SERVER['DOCUMENT_ROOT'] variable so I don't need to remember the relative path to the include directory. Use that include line exactly where you would place the original header html.
If you want to keep your files as HTML but have them parsed as PHP, you'll need to make sure your server is parsing HTML files as PHP. You can direct the server to do this in the .htaccess (assuming Apache) where you'll need a line like this:
AddHandler application/x-httpd-php .php .htm .html
This line will be different for different host environments, so you may need to tweak that.
You could move your header and associated files to an html file and just call jQuery load to bring it in.
USAGE
http://api.jquery.com/load/
You can also use PHP to do a php include_once of your header.php file. This is similar to what wordpress does!
USAGE
http://php.net/manual/en/function.include-once.php
Good luck and let me know if theres other questions!
Yes, your problem is a general problem of preventing code duplication. As usual with general problems this problem was addressed a lot with a lot of different approaches over the years.
And there are more possible solutions, it would be a very hard task just to list all the possible solutions, so my answer will be very vague.
You can use the object tag to reuse your structure
You can load it with a client-side language, like Javascript (or using its very popular library, called jQuery)
Finally, you can generate your HTML using a server-side language
You can't do this with CSS. You can call those HTML contents from separated files using Ajax (it's pretty simple with jQuery) or you can directly include the files using PHP.
Im creating a website and i am very OCD when it comes to security so i heard that if you store all of your .php files outside of your public_html folder and invoke them with another .php file that is inside your public_html folder then your risk of an attack is lower. Is this true, if so how would i do this. I read something about using .htaccess but I'm not sure if that was the correct way to do it. I though i could maybe use include but im not sure how include works with parameters.
There isn't a huge amount of extra protection offered by this strategy. Mainly, it ensures that if your server is misconfigured and fails to send PHP scripts to the PHP interpreter, it doesn't allow PHP code to be sent directly down to the browser.
You don't store all your PHP scripts outside document root. You typically store only files which are not intended to be accessed publicly outisde the doc root. Store your include files outside the doc root and include them as you would any file. Store files which are are public views inside the document root, as they need to be web-accessible.
There is a design pattern known as the Front Controller pattern whereby a single index page (index.php) accepts routes and includes other files as appropriate. Numerous PHP frameworks support this out of the box.
See PHP include function: http://www.php.net/manual/en/function.include.php
However, I doubt what you're trying to do will increase security. Where did you hear that it increases security?
I often see examples in PHP that include.inc files. What is the meaning of .inc? What it is used for? What are the disadvantages and advantages of using it?
It has no meaning, it is just a file extension. It is some people's convention to name files with a .inc extension if that file is designed to be included by other PHP files, but it is only convention.
It does have a possible disadvantage which is that servers normally are not configured to parse .inc files as php, so if the file sits in your web root and your server is configured in the default way, a user could view your php source code in the .inc file by visiting the URL directly.
Its only possible advantage is that it is easy to identify which files are used as includes. Although simply giving them a .php extension and placing them in an includes folder has the same effect without the disadvantage mentioned above.
If you are concerned about the file's content being served rather than its output. You can use a double extension like: file.inc.php. It then serves the same purpose of helpfulness and maintainability.
I normally have 2 php files for each page on my site:
One named welcome.php in the root folder, containing all of the HTML markup.
And another named welcome.inc.php in the inc folder, containing all PHP functions specific to the welcome.php page.
EDIT: Another benefit of using the double extention .inc.php would be that any IDE can still recognise the file as PHP code.
Generally means that its a file that needs to be included and does not make standalone script in itself.
This is a convention not a programming technique.
Although if your web server is not configured properly it could expose files with extensions like .inc.
It's just a way for the developer to be able to easily identify files which are meant to be used as includes. It's a popular convention. It does not have any special meaning to PHP, and won't change the behaviour of PHP or the script itself.
This is a convention that programmer usually use to identify different file names for include files. So that if the other developers is working on their code, he can easily identify why this file is there and what is purpose of this file by just seeing the name of the file.
Just to add. Another disadvantage would be, .inc files are not recognized by IDE thus, you could not take advantage of auto-complete or code prediction features.
In my opinion, these were used as a way to quickly find include files when developing. Really these have been made obsolete with conventions and framework designs.
Note that
You can configure Apache so that all files With .inc extension are forbidden to be retrieved by visiting URL directly.
see link:https://serverfault.com/questions/22577/how-to-deny-the-web-access-to-some-files
I have a series of web sites all hosted on the same server with different domains. I want to host some common PHP scrips and then be able to call these from the other domains.
Im am a bit fresh with my php so pls excuse code attempts - I have tried iterations of the following which may try and help you understand what I am aiming for!
from within php tags ...
include('http://www.mydomain/common_include.php?show_section=$section');
$show_section = $_GET['show_section'];
include('http://www.mydomain/common_include.php');//Then $show_section would be available to the included file/cod
Finally I have tried pulling in the include which contains a function then trying to run that include from the parent script.
I would much prefer to keep this PHP
orientated rather than getting
involved with the server (file
systems etc (but I can change
permissions etc)
I can but would prefer not to just upload the same library to each of the domains separately
I understand PHP is run on the server hence maybe problematic to include scripts across onto another server.
Thanks in advance.
#
EDIT
OK OK - I get that its bad practice so will not do it....THANKS VERY MUCH FOR THE QUICK ANSWERS.
However is there any other recommendations of how to esentially show this basic php app on all of the sites with out haveing to add the files to the root of each site? Just to prevent massive script duplication...(thinking out loud call the scripts in from a db or anyother soloutions)
Again thanks for your assistance
That would be a huge security risk if you could just include remote PHP files to your own projects. The PHP gets parsed before the server sends it to you so cross-domain includes would only contain the output the script generates. The only way to include PHP files so that they can be executed is via local filesystem.
If you look at PHP.net's documentation about include, you can find this:
If "URL fopen wrappers" are enabled in PHP (which they are in the default configuration), you can specify the file to be included using a URL (via HTTP or other supported wrapper - see List of Supported Protocols/Wrappers for a list of protocols) instead of a local pathname. If the target server interprets the target file as PHP code, variables may be passed to the included file using a URL request string as used with HTTP GET. This is not strictly speaking the same thing as including the file and having it inherit the parent file's variable scope; the script is actually being run on the remote server and the result is then being included into the local script.
Which pretty much explains the whole thing.
The root of the original question seemed to be the poster's concern about using a PHP script or plugin on multiple sites and then having an onerous task each time it needs to be updated. While trying to include PHP files across sites is a bad idea, it is a better plan to structure your script to be as self contained as possible. Keep the entire plugin contained in one directory.... and ensure your function calls to utilize it are as well formed as possible - clean, well named functions, uniform naming conventions and a well thought out plan for what parameters each function needs. Avoid using global variables.
Ideally you should then have quite an easy time each time you need to update the plugin/script in all locations. You can even set up an automated process that will upload the new directory containing the plugin to each site replacing the old one. And the function calls within your code should rarely if ever change.
If your script is big enough you might implement an automatic update process like the more recent versions of Wordpress use. Click a button and it updates itself. In the past, updating a dozen sites running Wordpress (as an example) was a massive pain.
That is very bad practice.
Actually you're including not PHP but just HTML code.
Include files, not urls. It is possible for the same server.
Just use absolute path to these files.
Apart from the fact that it's a bad practice you should first check if include allows URLs if you really want to do that.
If however all the sites that need to use the script, you could put the script somewhere in a directory accessible by the user that executes php and add that dir to the php.ini include_path property (can also be done at runtime)
(Or you could create a php extension and load it as extension)
If you have root rights on that server, you could just use absolute path from filesystem root, but most hostings won't let you do this.