From: daedalon at users dot sourceforge dot net
Operating system: Any
PHP version: 5.0.3
PHP Bug Type: Feature/Change Request
Bug description: include() should be an alias to include_once(); introduce
include_again()
Description:
------------
It's commonly seen that PHP guides and advanced users inform readers and
less experienced PHP coders to use include_once() all the time instead of
include(), which they say should be used only in situations where
including the same file another time would specifically be wanted or
allowed.
However, most of the users first learn about include(); and start using
it. Then they make some small error while coding and their website becomes
a mess, possibly leaking some private information. This is usually the
point where one hears that a more secure way of including files in PHP is
available. This is also the point where one starts thinking, why is the
better way harder one around, and why does the worse option have a shorter
and easier to remember name.
I suggest that include() would be made to act like include_once(),
possibly being in fact an alias for it. For those who really do want to
use an include construct that has the potential for including the same
file again, include_again() should be made available and it should work
like the include() construct has previously done.
Naturally it wouldn't be fair for anyone to make the change right away.
The correct order would be making include_again() construct available and
announce to everyone that it should be used if that is really the desired
functionality; otherwise one can leave his code right intact. This would
also be the point where documentation (book) authors should be notified,
so that all future material would mention about this if appropriate. Then,
after one or more x.x version changes, the change should be made so that
include() is an alias for include_once(), not include_again(). This way
every responsible PHP author using include() purposefully instead of
include_once() would have already made the changes required, and everyone
else would just live happily ever after being able to use simply include()
with the secureness of include_once().
I think this would be similar to what the PHP community experienced with
the register_globals being changed to default to off. Increased security
with minimum pain for the users, the way PHP has reigned so far. I do hope
my suggestion would come true if not in 5.1 or 5.2, at least in 6.0,
whenever it comes. It would save me and many other users time that is now
being used to learning by mistakes or education why not use the simple
include().
The same should be applied to require_*() constructs too, so that
require() would be an alias to require_once() after the final change, and
before that be an alias to require_again() which would be announced as
being the construct to use when the re-requiring functionality is
desirable.
Reproduce code:
---------------
include("file");
...lots of other code, possibly if clauses and loops...
include("file");
Expected result:
----------------
The abovementioned code should include file only once, because the cases
when the user would actually want file to be included twice are less
common than sharks in Sahara but too many people haven't heard that
include_once() should be used almost always instead of the simpler to type
and pronounce include().
Actual result:
--------------
At the present the code above includes file twice causing common problems
and time spent educating everyone around that the simpler way is the worse
way, always use the function with the more inconvenient name if you don't
specifically mean to include or require file more than once.
--
Edit bug report at http://bugs.php.net/?id=32295&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=32295&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=32295&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=32295&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=32295&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=32295&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=32295&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=32295&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=32295&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=32295&r=support
Expected behavior: http://bugs.php.net/fix.php?id=32295&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=32295&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=32295&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=32295&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=32295&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=32295&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=32295&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=32295&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=32295&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=32295&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=32295&r=mysqlcfg
