Please help me to understand how not to overcomplicate my site.
For example I have files:
index.php
other.php
etc...
these files have such code
include '../dir/index.php';
include '../dir/other.php';
etc.
How to have url like "site.com/news.php" without having actual file news.php, because only one thing it does is including code?
You have to configure your Apache to send all request to you main PHP script. You can do that via different ways. The "regular" way would be to use a .htaccess file and some mod_rewrite settings. Then within your main script you have to handle the problem of not finding the file which was requested. But be careful you can create a lot of security sink holes. For example if you just parse the request parameters and without sanitizing include a file.
For that you should just look at some modern PHP frameworks like Symfony, Laravel and others. There this kind of stuff is already handle quite well.
Related
I know that PHP's include/require statements can append other .php files into the script, either from a local path or an url.
Today i tried to include and also to require a .ddf (a text file), and it worked, with no errors or warnings. Then PHP actually executed some code that was in that file!
After that i went into the PHP's documentation for include to see if including non-php files is fully supported and safe. Turns out that, the documentation barely mentions this procedure (include 'file.txt'; // Works.) that's it.
So i'm asking you guys, Is including non-php files safe? Also is it a bad practice?
I just want to say that it is completely unsafe. While yes, as long as you trust the page, you technically could do this. But the page when pulled up directly in the browser isn't parsed as php. Anyone who goes directly to the file in the web server, whether guessing or you made a framework or they just know some file names, would see the complete source of the file. Exposing your site and possibly releasing sensitive information like database credentials. Another thing to think about is that people are usually pretty good about not allowing *.php files to be uploaded to their site, but just imagine you are allowing other files to be included and someone uploads a text file named "someImage.jpg" with php script in it and for some dumb reason you include it. People now have a way to execute scripts on your server. Likely including calling shell commands (exec). It used to be common practice to use *.inc files to specify includes but that has been considered bad for quite a long time.
It is not advisable to include txt files in php scripts. Instead, you should use file_get_contents.
So I have a website with more than 10 pages. Now I want to export the head section, the header and the footer to other files, in order to facilitate further editing of any of those section, without having to go through every single page. Is it possible to make a header.html and have the other html files import the code from the separate file?
What you're describing is an "include" and here's how to do it with PHP. I recommend using a server side language like PHP to do the include because it will definitely be indexed by Google and you don't need to worry that the user has javascript disabled or poorly supported.
First of all, you won't be able to do this unless your webpages are either saved as PHP (with .php extension) or your HTML pages (.html extension) are being parsed by PHP. Obviously you'll also need PHP running on your server.
Take the chunks you want to "include" and save them into their own files (header.php, footer.php, etc.). Put them in their own folder under your assets area (such as a directory called includes or inc). Then, in your web pages, use PHP to include those files:
<?php include_once($_SERVER['DOCUMENT_ROOT'].'/include/header.php') ?>
I like to use the $_SERVER['DOCUMENT_ROOT'] variable so I don't need to remember the relative path to the include directory. Use that include line exactly where you would place the original header html.
If you want to keep your files as HTML but have them parsed as PHP, you'll need to make sure your server is parsing HTML files as PHP. You can direct the server to do this in the .htaccess (assuming Apache) where you'll need a line like this:
AddHandler application/x-httpd-php .php .htm .html
This line will be different for different host environments, so you may need to tweak that.
You could move your header and associated files to an html file and just call jQuery load to bring it in.
USAGE
http://api.jquery.com/load/
You can also use PHP to do a php include_once of your header.php file. This is similar to what wordpress does!
USAGE
http://php.net/manual/en/function.include-once.php
Good luck and let me know if theres other questions!
Yes, your problem is a general problem of preventing code duplication. As usual with general problems this problem was addressed a lot with a lot of different approaches over the years.
And there are more possible solutions, it would be a very hard task just to list all the possible solutions, so my answer will be very vague.
You can use the object tag to reuse your structure
You can load it with a client-side language, like Javascript (or using its very popular library, called jQuery)
Finally, you can generate your HTML using a server-side language
You can't do this with CSS. You can call those HTML contents from separated files using Ajax (it's pretty simple with jQuery) or you can directly include the files using PHP.
I often see examples in PHP that include.inc files. What is the meaning of .inc? What it is used for? What are the disadvantages and advantages of using it?
It has no meaning, it is just a file extension. It is some people's convention to name files with a .inc extension if that file is designed to be included by other PHP files, but it is only convention.
It does have a possible disadvantage which is that servers normally are not configured to parse .inc files as php, so if the file sits in your web root and your server is configured in the default way, a user could view your php source code in the .inc file by visiting the URL directly.
Its only possible advantage is that it is easy to identify which files are used as includes. Although simply giving them a .php extension and placing them in an includes folder has the same effect without the disadvantage mentioned above.
If you are concerned about the file's content being served rather than its output. You can use a double extension like: file.inc.php. It then serves the same purpose of helpfulness and maintainability.
I normally have 2 php files for each page on my site:
One named welcome.php in the root folder, containing all of the HTML markup.
And another named welcome.inc.php in the inc folder, containing all PHP functions specific to the welcome.php page.
EDIT: Another benefit of using the double extention .inc.php would be that any IDE can still recognise the file as PHP code.
Generally means that its a file that needs to be included and does not make standalone script in itself.
This is a convention not a programming technique.
Although if your web server is not configured properly it could expose files with extensions like .inc.
It's just a way for the developer to be able to easily identify files which are meant to be used as includes. It's a popular convention. It does not have any special meaning to PHP, and won't change the behaviour of PHP or the script itself.
This is a convention that programmer usually use to identify different file names for include files. So that if the other developers is working on their code, he can easily identify why this file is there and what is purpose of this file by just seeing the name of the file.
Just to add. Another disadvantage would be, .inc files are not recognized by IDE thus, you could not take advantage of auto-complete or code prediction features.
In my opinion, these were used as a way to quickly find include files when developing. Really these have been made obsolete with conventions and framework designs.
Note that
You can configure Apache so that all files With .inc extension are forbidden to be retrieved by visiting URL directly.
see link:https://serverfault.com/questions/22577/how-to-deny-the-web-access-to-some-files
I'm trying to add some of my own PHP to a nearly-unreadable template file on a forum system. I know it all works perfectly as far as the server config, etc. goes, but PHP simply doesn't parse on this page. JS works fine. Any ideas? It's a simple .html page.
Try adding this to your .htaccess (or creating a new one in the appropriate directory):
AddType application/x-httpd-php .php .html
Is it possible that the template file is being read into a variable rather than being included or required? Eg. it's loaded using file_get_contents or something similar?
If this is the case you may need to eval() the template code after it has been loaded as file_get_contents does not parse php code, it just loads the text as it is into a variable. It's a very ugly solution but it may work for you. Please be careful if you do this as it does open up a whole can of security issue worms.
A lot of template systems use their own coding syntax. If this is the case it will not be possible to include PHP code in your template without opening up a lot of security holes.
Try to learn the specific templating language used, or find out where you should put the code without changing the template file (there may be a controller or plugin system built for such stuff).
Your page has to be a .php page.
I have a series of web sites all hosted on the same server with different domains. I want to host some common PHP scrips and then be able to call these from the other domains.
Im am a bit fresh with my php so pls excuse code attempts - I have tried iterations of the following which may try and help you understand what I am aiming for!
from within php tags ...
include('http://www.mydomain/common_include.php?show_section=$section');
$show_section = $_GET['show_section'];
include('http://www.mydomain/common_include.php');//Then $show_section would be available to the included file/cod
Finally I have tried pulling in the include which contains a function then trying to run that include from the parent script.
I would much prefer to keep this PHP
orientated rather than getting
involved with the server (file
systems etc (but I can change
permissions etc)
I can but would prefer not to just upload the same library to each of the domains separately
I understand PHP is run on the server hence maybe problematic to include scripts across onto another server.
Thanks in advance.
#
EDIT
OK OK - I get that its bad practice so will not do it....THANKS VERY MUCH FOR THE QUICK ANSWERS.
However is there any other recommendations of how to esentially show this basic php app on all of the sites with out haveing to add the files to the root of each site? Just to prevent massive script duplication...(thinking out loud call the scripts in from a db or anyother soloutions)
Again thanks for your assistance
That would be a huge security risk if you could just include remote PHP files to your own projects. The PHP gets parsed before the server sends it to you so cross-domain includes would only contain the output the script generates. The only way to include PHP files so that they can be executed is via local filesystem.
If you look at PHP.net's documentation about include, you can find this:
If "URL fopen wrappers" are enabled in PHP (which they are in the default configuration), you can specify the file to be included using a URL (via HTTP or other supported wrapper - see List of Supported Protocols/Wrappers for a list of protocols) instead of a local pathname. If the target server interprets the target file as PHP code, variables may be passed to the included file using a URL request string as used with HTTP GET. This is not strictly speaking the same thing as including the file and having it inherit the parent file's variable scope; the script is actually being run on the remote server and the result is then being included into the local script.
Which pretty much explains the whole thing.
The root of the original question seemed to be the poster's concern about using a PHP script or plugin on multiple sites and then having an onerous task each time it needs to be updated. While trying to include PHP files across sites is a bad idea, it is a better plan to structure your script to be as self contained as possible. Keep the entire plugin contained in one directory.... and ensure your function calls to utilize it are as well formed as possible - clean, well named functions, uniform naming conventions and a well thought out plan for what parameters each function needs. Avoid using global variables.
Ideally you should then have quite an easy time each time you need to update the plugin/script in all locations. You can even set up an automated process that will upload the new directory containing the plugin to each site replacing the old one. And the function calls within your code should rarely if ever change.
If your script is big enough you might implement an automatic update process like the more recent versions of Wordpress use. Click a button and it updates itself. In the past, updating a dozen sites running Wordpress (as an example) was a massive pain.
That is very bad practice.
Actually you're including not PHP but just HTML code.
Include files, not urls. It is possible for the same server.
Just use absolute path to these files.
Apart from the fact that it's a bad practice you should first check if include allows URLs if you really want to do that.
If however all the sites that need to use the script, you could put the script somewhere in a directory accessible by the user that executes php and add that dir to the php.ini include_path property (can also be done at runtime)
(Or you could create a php extension and load it as extension)
If you have root rights on that server, you could just use absolute path from filesystem root, but most hostings won't let you do this.