Pretty much, yes (within the bounds of the permissions of the files. Most
webservers run as nobody on unix, and hence can only read those files which
nobody can (confusing, huh :)). But, unless you have a mallicious user with
upload access to your server, this isnt an issue. If you do, investigate
"Safe mode" this instant :)
adamw
----- Original Message -----
From: "Karl J. Stubsjoen" <[EMAIL PROTECTED]>
To: "Adam Wright" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
"Michael Zornek" <[EMAIL PROTECTED]>
Sent: Wednesday, January 17, 2001 5:21 PM
Subject: Re: [PHP] include statement
> What about the security issue mentioned? Is it then possible (using the
> include and/or readfile) to grab anything found on the server?
> 1 More thing: what if I wanted to place the contents of a file into a
> variable. How do you achieve that?
>
> Karl *also a newbie, and this is a great group*
>
>
>
>
> ----- Original Message -----
> From: "Adam Wright" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; "Michael Zornek"
> <[EMAIL PROTECTED]>
> Sent: Wednesday, January 17, 2001 10:18 AM
> Subject: Re: [PHP] include statement
>
>
> > For your things (where you are including HTML), readfile just reads a
file
> > and dumps it to the screen. This is fine, because you are just dealing
> with
> > HTML, so no processing is required. include will actually try and parse
> the
> > file as if it has PHP inside somewhere, which your HTML (probably)
doesnt.
> > So, readfile uses less resources, and is much more like the SSI include
> > statement than PHP's include :)
> >
> > adamw
> >
> > ----- Original Message -----
> > From: "Michael Zornek" <[EMAIL PROTECTED]>
> > To: "Adam Wright" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Wednesday, January 17, 2001 5:14 PM
> > Subject: Re: [PHP] include statement
> >
> >
> > > Adam(and everyone else who answers in 5 minutes, god i love this
list),
> > >
> > > thanks for the help.
> > >
> > > Why is readfile more 'correct'?
> > >
> > > Just wondering?
> > > Mike
> > >
> > > At 5:07 PM +0000 1/17/01, Adam Wright wrote:
> > > >This is because the PHP include statement is ment to include other
> blocks
> > of
> > > >PHP code, rather than bits of HTML. Hence, it includes things from
> > anywhere
> > > >on the system. To include things from under your current htdocs
> > directory,
> > > >use...
> > > >
> > > >include($DOCUMENT_ROOT . "/includes/metatags.include");
> > > >
> > > >though the more 'correct' method would be
> > > >
> > > >readfile($DOCUMENT_ROOT . "/includes/metatags.include");
> > > >
> > > >adamw
> > > >
> > > >----- Original Message -----
> > > >From: "Michael Zornek" <[EMAIL PROTECTED]>
> > > >To: <[EMAIL PROTECTED]>
> > > >Sent: Wednesday, January 17, 2001 5:04 PM
> > > >Subject: [PHP] include statement
> > > >
> > > >
> > > >> I'm a PHP newbie and am looking into using the include statement
to
> > > >> put things like the header and footer in so they are always the
> same.
> > > >>
> > > >> I do this now with SSI. In SSI I'll use the following statement:
> > > >>
> > > >> <!--#include virtual="/includes/metatags.include" -->
> > > >>
> > > >> I like this cause it lets me use the same statement all over the
> site
> > > >> and I don't have to worry about where the document is and how many
> > > >> directories i have to go up an into "../../../../../"
> > > >>
> > > >> I was guessing PHP's version would be:
> > > >>
> > > >> <?PHP
> > > >> include("/includes/metatags.include");
> > > >> ?>
> > > >>
> > > >> However I get an error. If I put the absolute it works:
> > > >>
> > > >> <?PHP
> > > >> include("/home/httpd/includes/metatags.include");
> > > >> ?>
> > > >>
> > > >> which is scary cause this worked too:
> > > >>
> > > >> <?PHP
> > > >> include("/usr/local/apache/conf/httpd.conf");
> > > >> ?>
> > > >>
> > > >> doesn't this seem like a huge security hole?
> > > >>
> > > >> Well what I want is to use something like /inc/footer.html so i
can
> > > >> use the same PHP statements in any document and not worry about
> > > >> getting it "../../../"
> > > >>
> > > >> Any suggestions.
> > > >> Mike
> > > >>
> > > >>
> > > >> --
> > > >> PHP General Mailing List (http://www.php.net/)
> > > >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > >> For additional commands, e-mail: [EMAIL PROTECTED]
> > > >> To contact the list administrators, e-mail:
> > [EMAIL PROTECTED]
> > > >>
> > > >>
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > To contact the list administrators, e-mail:
[EMAIL PROTECTED]
> > >
> > >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
