PHP Tips – Manage correctly file inclusion

In this article we’ll cover a fairly simple topic that can lead to big problems if badly managed: the inclusion of files.
From my experience I have established three golden rules that should be enough; if you come up with other ones, I’ll be glad to talk about them.

1. Include once

Unless repeated inclusion is strictly needed, it’s always better to specify that the inclusion should be executed only once, using the commands include_once or require_once.
Let’s look at an example to understand why:
The file 1.php contains the definitions of a series of constants.
The files 2.php and 3.php need a few of the constants defined in 1.php, so we include 1.php in both files.
In the page page.php we need the functions contained in 2.php and 3.php, so we include them.
At this point, if 2.php and 3.php included 1.php with the command include, page.php will raise a series of notice-level errors, because we are trying to define the constants contained in 1.php twice.
Using include_once resolves these problems. Therefore we use include and require only when we need to repeat the inclusion.

2. Absolute paths

If we want to include files in a file that in turn will be included, it’s important to do it through absolute paths. Take for example the following structure:

Now the file db_config.php will contain the connection parameters to the database and has to be included in the file db_connect.php that in turn will provide the connection.
However, it would be a mistake to include it this way:

 include_once 'db_config.php';
 

The file db_connect.php will in fact be used in index.php, so we should include db_config.php in db_connect.php this way:

 include_once 'inc/db_config.php';
 

But what happens if the file db_connect.php has to be used also by admin.php?
A mess.
If we want to include files in a file that in turn will be included, we have to do it through absolute paths. Therefore we’ll include db_config.php in db_connect.php in this way:

 include_once dirname(__FILE__) . '/db_config.php';
 

The magic constant __FILE__ returns the absolute path where the file physically resides (unlike $_SERVER['PHP_SELF'], which returns the path where the file is executed). With dirname() we then pick up only the directory part.
At this point we only have to add the path of the file we intend to include; in this case it’s in the same folder, so it’s very simple.
This way, wherever db_connect.php is included from, db_config.php will be included correctly, because it is located by its absolute path.

Note: Starting from PHP 5.3, the magic constant __DIR__ has been introduced, which is equivalent to:

 dirname(__FILE__)
 

3. Pay attention to dynamic inclusions

A lot of attention, indeed. This code:

 include $_GET['page'];
 

with no adjustments is equivalent, in terms of security, to suicide.
To avoid problems, I refer you to the very complete guide on security written by Cristian, in particular to  this article, at the indirection chapter.
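
One way to handle the dynamic case, shown here as an added example (it is not the author's code and is not taken from the guide mentioned above): the request value is used only as a key into a fixed list, so it never becomes part of a path. The page names, the pages/ folder and the function resolve_page() are assumptions made for the illustration.

```php
<?php
// Added example: allowlist-based dispatch for a "page" query parameter.
// The page names and the pages/ folder are assumptions for illustration.

/**
 * Map a user-supplied page key to a file name fixed in code.
 * Returns null when the key is not on the allowlist.
 */
function resolve_page($requested, array $allowed, $baseDir)
{
    // Reject arrays (?page[]=x) and any other non-string input.
    if (!is_string($requested)) {
        return null;
    }
    // Only exact keys are accepted; the request value is never
    // concatenated into the path, so "../" or a URL cannot get through.
    if (!array_key_exists($requested, $allowed)) {
        return null;
    }
    $path = $baseDir . '/' . $allowed[$requested];
    // Guard against an allowlist entry that points at a missing file.
    return is_file($path) ? $path : null;
}

// Every page that may be included is listed here, and nowhere else.
$allowed = array(
    'home'    => 'home.php',
    'contact' => 'contact.php',
);

$requested = isset($_GET['page']) ? $_GET['page'] : 'home';

// Absolute base path, as in rule 2.
$file = resolve_page($requested, $allowed, dirname(__FILE__) . '/pages');

if ($file === null) {
    header('HTTP/1.1 404 Not Found');
    exit('Page not found');
}

include $file;
```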

Conclusion

As you see, even for a very simple topic like file inclusion, there’s a lot to say.


The Author

Maurizio is married to the triad PHP - MySql - Apache and, as if that were not enough, he has a lover called jQuery. He has a blog where he tries to describe in detail all of "his lovers". His real specialty is the realization of large business applications, although he never refuses the commitment of a website.
