What about the security issue mentioned?  Is it then possible (using the
include and/or readfile) to grab anything found on the server?
1 More thing:  what if I wanted to place the contents of a file into a
variable.  How do you achieve that?

Karl *also a newbie, and this is a great group*




----- Original Message -----
From: "Adam Wright" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "Michael Zornek"
<[EMAIL PROTECTED]>
Sent: Wednesday, January 17, 2001 10:18 AM
Subject: Re: [PHP] include statement


> For your things (where you are including HTML), readfile just reads a file
> and dumps it to the screen. This is fine, because you are just dealing
with
> HTML, so no processing is required. include will actually try and parse
the
> file as if it has PHP inside somewhere, which your HTML (probably) doesnt.
> So, readfile uses less resources, and is much more like the SSI include
> statement than PHP's include :)
>
> adamw
>
> ----- Original Message -----
> From: "Michael Zornek" <[EMAIL PROTECTED]>
> To: "Adam Wright" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Wednesday, January 17, 2001 5:14 PM
> Subject: Re: [PHP] include statement
>
>
> > Adam(and everyone else who answers in 5 minutes, god i love this list),
> >
> > thanks for the help.
> >
> > Why is readfile more 'correct'?
> >
> > Just wondering?
> > Mike
> >
> > At 5:07 PM +0000 1/17/01, Adam Wright wrote:
> > >This is because the PHP include statement is ment to include other
blocks
> of
> > >PHP code, rather than bits of HTML. Hence, it includes things from
> anywhere
> > >on the system. To include things from under your current htdocs
> directory,
> > >use...
> > >
> > >include($DOCUMENT_ROOT . "/includes/metatags.include");
> > >
> > >though the more 'correct' method would be
> > >
> > >readfile($DOCUMENT_ROOT . "/includes/metatags.include");
> > >
> > >adamw
> > >
> > >----- Original Message -----
> > >From: "Michael Zornek" <[EMAIL PROTECTED]>
> > >To: <[EMAIL PROTECTED]>
> > >Sent: Wednesday, January 17, 2001 5:04 PM
> > >Subject: [PHP] include statement
> > >
> > >
> > >>  I'm a PHP newbie and am looking into using the include statement to
> > >>  put things like the header and footer in so they are always the
same.
> > >>
> > >>  I do this now with SSI. In SSI I'll use the following statement:
> > >>
> > >>  <!--#include virtual="/includes/metatags.include" -->
> > >>
> > >>  I like this cause it lets me use the same statement all over the
site
> > >>  and I don't have to worry about where the document is and how many
> > >>  directories i have to go up an into "../../../../../"
> > >>
> > >>  I was guessing PHP's version would be:
> > >>
> > >>  <?PHP
> > >>  include("/includes/metatags.include");
> > >>  ?>
> > >>
> > >>  However I get an error. If I put the absolute it works:
> > >>
> > >>  <?PHP
> > >>  include("/home/httpd/includes/metatags.include");
> > >>  ?>
> > >>
> > >>  which is scary cause this worked too:
> > >>
> > >>  <?PHP
> > >>  include("/usr/local/apache/conf/httpd.conf");
> > >>  ?>
> > >>
> > >>  doesn't this seem like a huge security hole?
> > >>
> > >>  Well what I want is to use something like /inc/footer.html so i can
> > >>  use the same PHP statements in any document and not worry about
> > >>  getting it "../../../"
> > >>
> > >>  Any suggestions.
> > >>  Mike
> > >>
> > >>
> > >>  --
> > >>  PHP General Mailing List (http://www.php.net/)
> > >>  To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >>  For additional commands, e-mail: [EMAIL PROTECTED]
> > >>  To contact the list administrators, e-mail:
> [EMAIL PROTECTED]
> > >>
> > >>
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to