I have a webpage which holds the number of the page to display:
mydomain.net/index.php?page=42
This works alright. Now I want to display the page only when a particular cookie is set, and I moved most of the body to an include file, so that index.php only has
<?php
if ($cookie_ok):
include("http://mydomain.net/index_d6skrif9.php");
else:
include("http://mydomain.net/noaccess.inc");
endif
?>
and now the $_GET["page"] in the include file, which is supposed to retrieve the page number returns nothing.
I read that $_GET[] is a superglobal and that superglobals' scopes are across include files. So what's wrong here, and how can I use the page number in the include file?
$_GET works in included files, it does not work in included HTTP resources.
The PHP in index_d6skrif9.php will be executed by mydomain.net before it gets to the PHP program with the include statement in it.
Use a local file path, not an HTTP URL.
include("index_d6skrif9.php");
Alternatively, pass the value to the server you are pulling the include from:
include("http://mydomain.net/index_d6skrif9.php?page=" + urlencode($_GET['page']));
Note that the latter approach has far more opportunity for things to go wrong and is much less efficient than a local file included, so it isn't recommended if you can help it.
You'll need to include them locally, not over-the-web:
if ($cookie_ok)
include("index_d6skrif9.php");
else
include("noaccess.inc");
endif
By using URLs, you're making a web-request and the server executes the PHP in the file and returns the contents (making it have its own set of super-globals).
Related
I have this code inside of my header
<?php
define('RELPATH','http://www.saint57records.com/');
include_once(RELPATH.'sidebar.php');
?>
and an example line of code in the sidebar
<img style="margin:10px;" src="<?php print RELPATH;?>images/logo.png" width="60px"/>
but when it gets to the page it includes the file correctly but all the links inside of the file just print RELPATH instead of the web url like this
<img style="margin:10px;" src="RELPATHimages/logo.png" width="60px"/>
It works fine on the other pages of my website, just not inside of Wordpress. Does anyone know what might be causing this issue?
The short answer is to provide a filesystem path to RELPATH, not a web URL.
The long answer is that when you use a web URL to include a PHP file, the PHP file will be treated like an external source. It will be called remotely, executed in a process of its own, and return the results. A constant defined previously can not have an effect in this remote resource.
If http://www.saint57records.com/ is on a different server, you'll have to pass RELPATH to it some other way, e.g. through a GET variable (which you'd have to sanitize with htmlentities() prior to use.) However, including content from a remote server in this way isn't good practice. It'll slow down your page as it'll make an expensive web request. If the target server is down, your page will time out.
i want to include a file, but with $_get, i don't know how to explain but i try to give examples.
I need to include a file from URL like this
mysite.com/?=MYINCLUDETEXT
and to write on <?php include('MYINCLUDETEXT.php'); ?>
Anyone tell me, Thank You.
This will actually do what you want
if (isset($_GET['file'])){
include($_GET['file'].'.php');
}
You might also want to test that the file, you are trying to include exists
file_exists and actually is a file is_file and not a folder.
But you have to understand, that even doing this you are creating a BIG breach in your system and helping people who want to hack your.
Not only it becomes easier to include uploaded files, (not only files which were validly uploaded), but it also allows to include random files from your server.
To avoid problems described in answer above - put all your files names (which should be included) in array, like:
$pages_array=('home','services','contact').
And then check GET var: if(!in_array($_GET['page'], $pages_array) { die(); }
Because you will probably need some other $_GET values/vars, i suggest that you use $_GET['page'] - for inclusion... You could later add mod rewrite to display pages as 'normal' urls... e.g.
www.yoursite.com/index.php?page=contact, could be rewritten to : www.yoursite.com/contact.html
I've read so many different inputs on this, so I figured I would ask on here.
Is there anything wrong or dangerous about using full links inside a php include?
Examples,
<?php include('http://www.domain.com/blah.php'); ?>
<?php
define('WEB_ROOT', './'); // relative path to /
include('layout.php');
?>
compared to using
<?php
include('../blah.php');
?>
include('http://www.domain.com/blah.php') goes out and makes an actual HTTP request to the web server, returning the contents of the URL after the web server has processed them, just as you'd see when entering that URL in your browser.
include('../blah.php') includes the local file from disk one directory higher.
The two are completely different things and you do not want to include a URL when you mean to include a local file. Even if the two are supposedly the same file, PHP cannot know that. Accessing a URL and accessing a local file path are entirely different things. It's not possible to infer that the two are the same.
<?php include('http://www.domain.com/blah.php'); ?> is very dangerous, you can't know in 100% what is the code you will get!!! becuse PHP do HTTP request and someome can do ManInTheMiddel attack and to change the code you will get, and to hack your site.
A search form in "search.php" is on the vendor's server and it has been set up so my site can display it. The URL is: http://mysite.com/search.php.
The search result page is on the vendor's server also in a separate file called "result.php". It has also been configured so the URL looks like this: http://mysite.com/result.php.
I would like to insert the "search.php" form in the "result.php" file so users don't have to swtich back and forth between the pages.
I tried:
<?php
include 'http://mysite.com/search.php';
?>
It didn't work, and then I realized that I need to set "allow_url_fopen" to yes to use URL in the include statement. This is NOT something I want to do as I read other posts here there is security issue involved.
I'm not sure you can include another server's php file, allow_url_fopen and allow_url_include are to get the file output of the designated url, i mean, the final result, you won't be able to use the variables or functions from that script.
try using file_get_contents(), or if you are displaying final results anyway, you could just use an iFrame
You can just do
<?php
include $_SERVER['DOCUMENT_ROOT']"./search.php";
?>
You can try
include __dir__ . "/search.php";
When I include a page using it's full URL (like include 'http://mysite.tld/mypage.php'), I can't use the $GLOBALS in mypage.php, it returns Undefined index error.
But when I include it using it's relative path (like include 'mypage.php'), then it's OK.
The reason why am I using URL instead of relative path is that I want to include $_GET parameters to mypage.php
Is there any logical explanation of this strange behaviour?
Note that both files are on the same server, in the same directory.
Including files with a URL means the code is run as a separate process, which means it runs under a different variable scope. This is as opposed to if you include the file via a relative path, in which case it is pretty much equivalent to cut and pasting the code into the script.
Essentially this means that the only variables available from your starting script are those that you explicitly pass (as you are in this case using the $_GET variables). This includes the $_SESSION variables, since the caller is your own server rather than the client.
This behaviour is noted in the PHP manual's include page:
If the target server interprets the target file as PHP code, variables
may be passed to the included file using a URL request string as used
with HTTP GET. This is not strictly speaking the same thing as
including the file and having it inherit the parent file's variable
scope; the script is actually being run on the remote server and the
result is then being included into the local script.