PHP Including Files And Securing Included Files Tutorial
Ranked #4,166 in Internet, #227,232 overall
Including PHP Files
This is a short tutorial that show how to include PHP files and how to secure these. For example: when including a file that runs a process that may only be used internally, you don't want the file to be accessible directly. However this is easy to secure against, we'll see that later in this tutorial. Let's start with the multiple ways to include a PHP file:
include
include_once
require
require_once
include
include("filename.php");
The PHP include function is the easiest way to include a PHP file into your PHP webpage. All it does is include the file given as argument to the function, no matter if it's already include before. If it fails to include the file, it will return a warning ( but won't stop the script from functioning further ).include_once
include_once("filename.php");
The PHP include_once function is a little different from the normal include function. This function ( the name says it all ) includes a file only ONCE. If the specified file has already been included earlier in the script, it will not include it again.require
require("filename.php");
The PHP require function is another way to include a PHP file into your webpage. The difference with the include function is that the script will not function further ( it wil throw a fatal error ) when the specified file could not be included.require_once
require_once("filename.php");
The PHP require_once function can include the specified file ( or: its code ) only once. For the rest it works the same as the normal require function.Securing Include Files
How to secure include files and protect them from being executed externally.
There's a couple of fairly easy ways to secure your include files and protect them from being executed externally ( only when included into the correct webpage ). What I usually do is make a definement inside of the script in which the file may be included. For example:
include_file.inc.php
system_file.php
Note: It's also possible to use variables for this approach, but defined constants seemed more logical to me as the IS_INTERNAL constant doesn't need to be changed and just defined once as a constant.
include_file.inc.php
<?php
if(defined('IS_INTERNAL')) {
echo "You may not see this unless this file was included inside of the system!";
}
?>
system_file.php
<?php
define("IS_INTERNAL", TRUE);
//we can now include the include file and it will work because IS_INTERNAL was defined ( -> the include file now 'knows' it's included within the system )
include('include_file.inc.php');
?>
Note: It's also possible to use variables for this approach, but defined constants seemed more logical to me as the IS_INTERNAL constant doesn't need to be changed and just defined once as a constant.
You might also like ...
Related Products (Amazon)
Related Products (eBay0
by webcodez
"Give a man a program and you'll frustrate him for one day. Teach a man to program and you'll frustrate him for a whole lifetime."
webcodez
GameHeroes
more »
- 21 featured lenses
- Winner of 14 trophies!
- Top lens » PHP & MySQL Poll System Tutorial
Feeling creative?
Create a Lens!
Explore related pages
- PHP & MySQL Poll System Tutorial PHP & MySQL Poll System Tutorial
- PHP & MySQL Login System Tutorial PHP & MySQL Login System Tutorial
- PHP basics tutorial PHP basics tutorial
- PHP Smilies System Tutorial PHP Smilies System Tutorial
- PHP Email Validation Tutorial PHP Email Validation Tutorial
- PHP POST and GET Variables Tutorial PHP POST and GET Variables Tutorial
