Results 1 to 19 of 19
Thread: Tutorial: PHP Includes
-
10-16-2005, 02:56 PM #1Web Developer
- Join Date
- Feb 2003
- Location
- Connecticut
- Posts
- 5,460
Tutorial: PHP Includes
PHP includes are a great way to make editing sites easier. By creating a template and replacing the content with this PHP script, it will allow the page to get separate content files, with only the content in them. This is helpful as only one file needs to be changed when the template is edited.
PHP is generally better than SSI (server-side includes) since it allows for much more to happen. The below script has error-checking, default pages, and other features which SSI is not as well suited for.
The first thing to understand is how we get the content. The three main functions I like to use are include, require, and file_get_contents. There are other ways, but these three are the most common and appropriate for what we are doing.
include
The include function is used to take the exact code from a file. The code is parsed (which means any PHP code in the file will be run), and then placed exactly where the include is (in PHP's memory, this will not change your file.)
require
The require function is identical to include. The only difference is that it stops the script's execution if the file does not exist.
file_get_contents
The file_get_contents function is most similar to an include. This function does not parse the specified file, making it ideal for scripts only including text. It is also much faster than an include.
For the following examples, I will be using file_get_contents, since it is more efficient than include, and most cases will not involve files using PHP. I would also like to note that the files may be of any type, so you can include a .dat, .php, .txt, or any file wanted.
Code so far:
PHP Code:<?php
file_get_contents('file.txt');
?>
Code so far:
PHP Code:<?php
$file = 'file.txt';
$default = 'default.txt';
if(file_exists($file))
{
file_get_contents($file);
}
elseif(file_exists($default))
{
file_get_contents($default);
}
else
{
echo 'Could not find any files!';
}
?>
Most instances for using this code will require a file to be included based on a variable. We will assume that variable is stored in $_GET['page']. (The URL would look like: index.php?page=info)
The problem with the above method, is that someone could specify the path to a file containing your passwords, and effectively gain access to your system. To prevent this, I append the file type to the $_GET variable.
Final Code:
PHP Code:<?php
$ext = '.txt';
$file = $_GET['page'].$ext;
$default = 'default'.$ext;
if(file_exists($file))
{
file_get_contents($file);
}
elseif(file_exists($default))
{
file_get_contents($default);
}
else
{
echo 'Could not find any files!';
}
?>0
-
10-22-2005, 01:26 AM #2Newbie
- Join Date
- Oct 2005
- Posts
- 9
Very nice and detailed! Will surely help someone out.
0
-
10-24-2005, 06:14 PM #3New Member
- Join Date
- Oct 2005
- Posts
- 2
Thanks, just what I needed Dan!
0
-
10-27-2005, 10:03 PM #4Newbie
- Join Date
- Jan 2005
- Posts
- 14
cool thanks
0
-
11-23-2005, 06:13 PM #5Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 282
It is important to note that it is sometimes better to use include_once() or require_once() instead of include() and require(). Use include_once() on files that will throw an error if exicuted twice. (For instance files with PHP classes and CONSTANTS)
Also there is a security hole in the above code. The script there will allow a user to open text files not in the webhosting directory
for example
index.php?page=../../../WINDOWS/system32/eula
on a host using windows
Code:<?php $ext = '.txt'; $file = '../../../WINDOWS/system32/eula'.$ext; $default = 'default'.$ext; if(file_exists($file)) { file_get_contents($file); } elseif(file_exists($default)) { file_get_contents($default); } else { echo 'Could not find any files!'; } ?>
0
-
11-23-2005, 08:52 PM #6WHT Addict
- Join Date
- Sep 2004
- Location
- England UK
- Posts
- 127
great work danx and korvan! keep it up!
Read Tabloids - Warning Experimental.0
-
12-02-2005, 03:28 PM #7Web Developer
- Join Date
- Feb 2003
- Location
- Connecticut
- Posts
- 5,460
Thanks for the tip Korvan, so here's a fix:
Replace:PHP Code:$file = $_GET['page'].$ext;
PHP Code:$file = ereg_replace('../','',$_GET['page']).$ext;
0
-
12-03-2005, 09:06 PM #8WHT Addict
- Join Date
- May 2005
- Posts
- 167
If it wasn't copied then it's a nice tutorial. If someone is interested in learning then i know a good place where to start. http://www.w3schools.com/php/default.asp.
0
-
12-05-2005, 10:56 PM #9Web Developer
- Join Date
- Feb 2003
- Location
- Connecticut
- Posts
- 5,460
I wrote it myself.
w3schools is okay if you want to dabble in it, but you basically just have to read from a lot of different sources and experiment. php.net's function reference is by far the best resource.0
-
12-06-2005, 02:36 PM #10Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 282
Use str_replace when just replacing strings instead of expressions. str_replace is 5x faster than ereg_replace and 12x faster than preg_replace. Not that a few microseconds will matter in most cases. This is only true on small strings, preg_replace becomes faster on much larger strings, but ereg_replace is always slower.
0
-
08-03-2010, 04:14 PM #11Disabled
- Join Date
- Aug 2010
- Location
- Somerset, UK
- Posts
- 62
Would also recommend using:
PHP Code:<?php
include_once("inc/sql.php");
?>0
-
12-18-2010, 09:25 AM #12Newbie
- Join Date
- Nov 2010
- Location
- UK
- Posts
- 12
0
-
02-24-2011, 03:19 AM #13Junior Guru
- Join Date
- Jun 2010
- Posts
- 179
Hi,
I have never seen such a detailed info on tutorials
thanks for sharing Nice post keep it up0
-
02-24-2011, 04:49 AM #14Newbie
- Join Date
- Feb 2011
- Posts
- 8
A better way is to use a switch statement and have all the pages in there:
PHP Code:switch($_GET['page'])
{
case 'about':
include("about.php");
break;
case 'contact':
include("contact.php");
break;
case 'home':
default:
include("home.php");
break;
}
0
-
07-14-2012, 01:45 PM #15Junior Guru Wannabe
- Join Date
- Jul 2012
- Posts
- 30
Only w3schools contains a very good tutorial for the beginner but to expertise, one should try and experience various tutorials and problems which every site has their uniqueness.
0
-
08-15-2012, 02:07 PM #16Newbie
- Join Date
- Jul 2012
- Posts
- 17
nice tuto & recommended to use the $_GET['page'] for security reason
a simple include can be dangerous0
-
10-12-2012, 03:45 AM #17Newbie
- Join Date
- Oct 2012
- Posts
- 21
very simple and yet useful information, thanks
0
-
11-06-2012, 12:54 PM #18Junior Guru Wannabe
- Join Date
- Oct 2012
- Posts
- 42
Ahhh Thanks so much for this thread! Me and my partner have been learning HTML/HTML5/CSS etc... since I can remember now. I have been trying to convert all of our mini projects over to custom PHP templates using PHP includes and some of this information really helped out!
SiteGone Web Hosting
Affordable Hosting Solutions0
-
11-19-2012, 03:38 PM #19Retired Moderator
- Join Date
- Apr 2005
- Posts
- 3,499
Thank you for the tutorial Dan. Not to diminish the value of the above, but just a friendly reminder that a lot has changed in the PHP world since 2005. Make sure you consult the latest sources (including php.net) to ensure you are following current best practices to keep your PHP-based websites secure.
Alex0