include('script.php?value=$value')

Forum Moderators: coopster

Message Too Old, No Replies

include('script.php?value=$value')

is this possible?

cuesta

12:21 pm on Jul 20, 2004 (gmt 0)

Hi.

I would like to create this PHP script

<?php
$value = 18;
include('script.php?value=$value');
?>

But I get this error message:
Warning: main(script.php?value=$value): failed to open stream: No such file or directory
Warning: main(): Failed opening 'script.php?value=$value' for inclusion (include_path='.;c:\php4\pear')

Any suggestion? Thank you very much.

httpwebwitch

2:14 pm on Jul 20, 2004 (gmt 0)

try:

include("pagename.php?var=".$var);

For one thing, the single quotes don't allow internal variable substitution. Double-quotes do. But I prefer to escape from the quotes and concatenate with the "."

RonPK

3:29 pm on Jul 20, 2004 (gmt 0)

There also is no need for the query string, as all variables in the including script are automatically passed to the included script.

So if script.php contains

<?php
echo $value;
?>

, the script

<?php
$value= 18;
include('script.php');
?>

will result in this output:

httpwebwitch

7:30 pm on Jul 20, 2004 (gmt 0)

oh, of course. that's true. include() brings in code from elsewhere and executes it in the current scope. so if you define $value=1, then include another file, it's not like the other file has a "mind of its own" where $value can be anything other than 1.

The inlcuded file also doesn't have its own $_GET collection so what's the point of passing it a querystring?

if it were so, then include() could be used for recursive including, which it's not intended to do.

And here I was thinking I had offered good advice by fixing someone's syntax. (blush)
sorry!

cuesta

8:31 pm on Jul 20, 2004 (gmt 0)

Thank you very much.

I tested it some months ago, and I didn't remember it! :(

StupidScript

10:08 pm on Jul 20, 2004 (gmt 0)

Just a quickie:

You may also build the reference before invoking it, i.e.

$include_page="script.php?value=$value";
include($include_page);

It looks like your problem is solved, but the above may still be useful at some point.

ruserious

1:18 am on Jul 22, 2004 (gmt 0)

Re: include
Have a look at the documentation: [de.php.net...] It is explained there. If you use include and pass an URI than the parameter will be interpreted, however what you are including will be the parsed output from the script. Except in some very special cases that will have a completely different effect, than including the Raw php which will be parsed together with the code from the PAge doing the including.

<?php
echo $value;
?>
, the script
<?php
$value= 18;
include('script.php');
?>

I guess this comes closest to what the original question was asking for. However using Variables in the global context is bad idea, especially when you are using includes like that.
If register_globals is turned on, and the included file lies in the document root of the webserver anybody cann call the script passing it whichever value it wants. There have been loads of exploits for popular Software-Packages that resulted from this behaviour.

Possible solution: Prevent the included script from being directly called by a user. Either by moving it out of the document-root, or by denying acces to it via .htaccess, or by checking for a defined constant in the included file (which you then have to define in all the scripts that include those files - if it is undefined, die()). Which leads to the above example looking like:


<?php
if (!defined(MY_CHECK)) die();
echo $value;
?>, the script<?php
$value= 18;
define('MY_CHECK', true);
include('script.php');
?>