May 16, 2008
|
|
I do now php includes work for me and I have the php include files in a 'includes' folder in my root html folder. I also include my db.php in the root also and it works. edit: I've also had this other problem when working under XAMPP, I'm not sure what is causing it but lets say I have certain files stored down a few levels of folder 'root/includes/forms/modify_char.php' for example. I just store it there for the sake of trying to keep things tidy because I end up with so many *.php files doing small ajax outputs. When I try and include the 'db.php' in 'modify_char.php' with CODE include('.../db.php'); it dosent work I'm not sure why this is. So eventually I copy db.php to 'includes' folder and try CODE include('../db.php'); Now this works. I'm not sure why this is, maybe there is a limit of how many number of level folders you can include to?
here's the script I've hand-typed and have been using for a year or so now, EXACTLY how I have it on my site (copyright BTW)
CODE <?php // This php script has been written and designed by Brandon Selvar - www.bcsproductions.co.nr // This code must remain intact in this include for legal use if($page=="") { $page=""; } $complete="".$page.".php"; if(file_exists($complete)) { include($complete); } elseif($page=="") include ("welcome.php"); else { include ("404.php"); } ?> I don't get an error, it just doesn't happen. I went into the control panel and it says that the include function for local and master are set to OFF, which is disapointing, but url_fopen is on and working just find :? *EDIT* I should note that the welcome.php page include works, but the ?page= include do not. and this script works on all servers with Inlcude turned on CODE <?php // This php script has been written and designed by Brandon Selvar - www.bcsproductions.co.nr // This code must remain intact in this include for legal use if($page=="") { $page=""; } $complete="".$page.".php"; if(file_exists($complete)) { include($complete); } elseif($page=="") include ("welcome.php"); else { include ("404.php"); } ?> Your code your gave. I'm assuming thats only a small piece of it. are you assigning $page = $_GET['page'];? because if you havent thats probably why its not working.
yes, thats the whole code, it's always worked for me. but I guess I don't know everything about security and functionality with my limited learning time between work, community, friends, and schooling. you think I should re-work the coding to be:
CODE <?php // This php script has been written and designed by Brandon Selvar - bselvar.trap17.com // This code must remain intact in this include for legal use if($page=="") { $page= $_GET['page']; } $complete="".$page.".php"; if(file_exists($complete)) { include($complete); } elseif($page=="") include ("welcome.php"); else { include ("404.php"); } ?> I'll try this now ;D EDIT HA! SUCCESS! That does work! thanks for helping me improve my script! I've actually thought about the using $_GET, but since it ALWAYS worked I thought it unnecessary.
just add to the start before you use it
CODE $page = $_GET['page']; That way its already asigned and you wont need to change any code. Or you could go to everyline and change $page to $_GET['page'] which I think is too much hassle.
yeah I just simply re-wrote it to:
CODE <?php // This php script has been written and designed by Brandon Selvar - bselvar.trap17.com // This code must remain intact in this include for legal use if($page=="") { $page= $_GET['page']; } $complete="".$page.".php"; if(file_exists($complete)) { include($complete); } elseif($page=="") include ("welcome.php"); else { include ("404.php"); } ?>  thank you!!
Ah this age old problem.... There should be a sticky about this methinks...
For the record the reason you have to assign the variable like that is because of a setting in the PHP.ini files on T17 servers and the reason it is like that is for security. Because if, for example, you had a variable called $level that controls what the user can see, either normal, or aadmin options. With the normal set up all a hacker has to do is type &level=admin into the URL and they are an admin but with the T17 setup this wouldnt work and so is more secure. For more info see: http://www.php.net/register_globals And if you want to turn this option off on your local server so that you dont accidentally forget the set up is different go into your PHP folder on your installation and locate the php.ini file and change the line "register_globals" from ON to OFF
ah, I see, is there anyway to do this in a code alone? for security? like alternating a value or something? because if I make a CMS script I want it to be as secure as possible, not some lofty open ended hacker "HIT HERE!" sign ;D
I dont think there is but im probably wrong. Most hosting companies will have this set to OFF by default for their own security as well as yours. you can easily check by making a PHPINFO(); command within an otherwise empty PHP page and looking through the output. If it is set to ON Then i would recommend emailing the hosting company and asking for it to be changed to OFF. Even better would be to email their support before registering just to make sure.
there could be a way to use PHP code to do change the values but i dont know of it and i suspect it doesnt exist as in itself it would be a security flaw, allowing a hacker to change a lot of settings and give him/herself an easier time inside. Latest EntriesQUOTE(musicmaza @ Jan 13 2008, 10:21 AM)  no I didn't a problem like that because I don't use php too much and by the way many suggestions have been already given,so you may try ny one give in this thread,I know these t17 members are really far more experienced then I am,so I am not suggesting anything because I may suggest something wrong.  yeah, as long as you use Include($_GET['blah.php']  you won't have the problem, or it could be the difference in what you are includeing , (visible/css style) content
I never have had this problem. Of course I have all my files in the same directory at the moment, but my PHP includes work fine and I use the $_GET variable on some of my pages.
You can check it out at my site. http://ninfanzone.uni.cc I am using PHP include to get my CSS into my pages and for the menu at the top.
no I didn't a problem like that because I don't use php too much and by the way many suggestions have been already given,so you may try ny one give in this thread,I know these t17 members are really far more experienced then I am,so I am not suggesting anything because I may suggest something wrong.
QUOTE(jlhaslip @ Jan 11 2008, 08:44 PM) This syntax is a left-over from the days of DOS Operating System where a single dot meant "this directory" and the double dot meant "file's Parent Directory" Actually, Unix uses this too. And Unix is a lot older than DOS. Unix, last i checked, came out in 1969. But to add to your other statement: When you include the root directory by including a forward slash in the beginning of the file path, this does not neccesarily mean your "public_html" folder. It means the root of the system itself; assuming the system is a Unix-based system; other systems may be different. QUOTE(anachro @ Jan 13 2008, 03:15 AM) ... but say its in root/file/ and your operational page is in root/file/file/ using ../filename.ext would allow it to work, correct? Assuming i understood you correctly: Yes, that would work. But it is a security flaw if you allow ../ in _GET variables without verifying the extension. QUOTE(jlhaslip @ Jan 11 2008, 07:44 PM) This syntax is a left-over from the days of DOS Operating System where a single dot meant "this directory" and the double dot meant "file's Parent Directory", so good programming practice would use the single dot syntax for a file in the Current directory ( include './filename.ext' ) and double dot syntax for the Parent directory ( include '../filename.ext' ) You can travel to several levels of Parent Directories by adding sets of double dots, too. ( include '../../../../filename.ext' ) would go back 4 levels. Similarly, a slash without the dots is used to indicate the path to the file starts at the Server Root. ( include '/filename.ext' ) I had no idea! so the basic concept is if the file is in the same directory of the operating page, jsut put ./filename.ext, but say its in root/file/ and your operational page is in root/file/file/ using ../filename.ext would allow it to work, correct? |
|
 Does Php Include Work? - not for me aparantly... ? |
| ADD REPLY / Got an Opinion! | Remove these ADs! | RAPID SEARCH! | Free Web Hosting | [X] |
|
Express your Opinions, Thoughts or Contribute more info. to help others. Ask your Doubts & Queries to get answers, So that "Together We can help others!" |
Register FREE for AD-FREE forum, Create your own topics, Ask Questions, track topics, setup subscriptions & notifications and Get a Free Website w/ Email and FTP. | 500MB Space *No Ads*, CPanel, FTP, PHP, MySQL, EMails - 100% FREE |
|