This all depends on your include_path set in the PHP config files; see the
manual section on config for more info.
About the security hole... yes it would be dangerous on a system where
accounts are given to untrusted users (ie, customers), but there are ways
to make PHP secure for multi-account environments as well; this is also is
described in the manual.
php.net/manual
--Toby
----- Original Message -----
From: "Michael Zornek" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 17, 2001 12:04 PM
Subject: [PHP] include statement
> I'm a PHP newbie and am looking into using the include statement to
> put things like the header and footer in so they are always the same.
>
> I do this now with SSI. In SSI I'll use the following statement:
>
> <!--#include virtual="/includes/metatags.include" -->
>
> I like this cause it lets me use the same statement all over the site
> and I don't have to worry about where the document is and how many
> directories i have to go up an into "../../../../../"
>
> I was guessing PHP's version would be:
>
> <?PHP
> include("/includes/metatags.include");
> ?>
>
> However I get an error. If I put the absolute it works:
>
> <?PHP
> include("/home/httpd/includes/metatags.include");
> ?>
>
> which is scary cause this worked too:
>
> <?PHP
> include("/usr/local/apache/conf/httpd.conf");
> ?>
>
> doesn't this seem like a huge security hole?
>
> Well what I want is to use something like /inc/footer.html so i can
> use the same PHP statements in any document and not worry about
> getting it "../../../"
>
> Any suggestions.
> Mike
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
