homepage Welcome to WebmasterWorld Guest from 54.166.228.100
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
include('script.php?value=$value')
is this possible?
cuesta




msg:1272744
 12:21 pm on Jul 20, 2004 (gmt 0)

Hi.

I would like to create this PHP script

<?php
$value = 18;
include('script.php?value=$value');
?>

But I get this error message:
Warning: main(script.php?value=$value): failed to open stream: No such file or directory
Warning: main(): Failed opening 'script.php?value=$value' for inclusion (include_path='.;c:\php4\pear')

Any suggestion? Thank you very much.

 

httpwebwitch




msg:1272745
 2:14 pm on Jul 20, 2004 (gmt 0)

try:

include("pagename.php?var=".$var);

For one thing, the single quotes don't allow internal variable substitution. Double-quotes do. But I prefer to escape from the quotes and concatenate with the "."

RonPK




msg:1272746
 3:29 pm on Jul 20, 2004 (gmt 0)

There also is no need for the query string, as all variables in the including script are automatically passed to the included script.

So if script.php contains

<?php
echo $value;
?>

, the script

<?php
$value= 18;
include('script.php');
?>

will result in this output:

18

httpwebwitch




msg:1272747
 7:30 pm on Jul 20, 2004 (gmt 0)

oh, of course. that's true. include() brings in code from elsewhere and executes it in the current scope. so if you define $value=1, then include another file, it's not like the other file has a "mind of its own" where $value can be anything other than 1.

The inlcuded file also doesn't have its own $_GET collection so what's the point of passing it a querystring?

if it were so, then include() could be used for recursive including, which it's not intended to do.

And here I was thinking I had offered good advice by fixing someone's syntax. (blush)
sorry!

cuesta




msg:1272748
 8:31 pm on Jul 20, 2004 (gmt 0)

Thank you very much.

I tested it some months ago, and I didn't remember it! :(

StupidScript




msg:1272749
 10:08 pm on Jul 20, 2004 (gmt 0)

Just a quickie:

You may also build the reference before invoking it, i.e.

$include_page="script.php?value=$value";
include($include_page);

It looks like your problem is solved, but the above may still be useful at some point.

:)

ruserious




msg:1272750
 1:18 am on Jul 22, 2004 (gmt 0)

Re: include
Have a look at the documentation: [de.php.net...] It is explained there. If you use include and pass an URI than the parameter will be interpreted, however what you are including will be the parsed output from the script. Except in some very special cases that will have a completely different effect, than including the Raw php which will be parsed together with the code from the PAge doing the including.


<?php
echo $value;
?>

, the script

<?php
$value= 18;
include('script.php');
?>

I guess this comes closest to what the original question was asking for. However using Variables in the global context is bad idea, especially when you are using includes like that.
If register_globals is turned on, and the included file lies in the document root of the webserver anybody cann call the script passing it whichever value it wants. There have been loads of exploits for popular Software-Packages that resulted from this behaviour.

Possible solution: Prevent the included script from being directly called by a user. Either by moving it out of the document-root, or by denying acces to it via .htaccess, or by checking for a defined constant in the included file (which you then have to define in all the scripts that include those files - if it is undefined, die()). Which leads to the above example looking like:


<?php
if (!defined(MY_CHECK)) die();
echo $value;
?>

, the script

<?php
$value= 18;
define('MY_CHECK', true);
include('script.php');
?>

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved