0
Thanks

A few words of thanks would be greatly appreciated.

PHP 5 - Using an external URL with the function include

By default, in PHP 5 and the latest version, the option to include an external URL with the function include is disabled. If there is 'include' in function, PHP will show an error message. To make this work in PHP 5, requisite commands must be inserted in php.in. Once this function is enabled in PHP 5, security concerns may arise if the installation language is not secured. For aspiring webmasters using the language, this activation tip could be useful.

The option to include an external URL (i.e. absolute, in the form http://site.tld/url) with the function include is disabled by default from PHP 5 and later versions. Below are the two commands to include in php.ini to enable this feature:

allow_url_include = 1      
allow_url_fopen = 1 



For more information, go to: http://www.php.net/

Note: Activating the option allow_url_include in PHP can lead to security issues if the developer is not careful.
  • For example, if you have a PHP script which includes a page based arguments given via the URL
  • This means that by typing http://votresite.flet/mapage.php?page=page_a_inclure.php you include page_a_inclure.php.
  • If your code looks like this
    include $ _GET ['page']
    you leave the door open for anyone to add external code
0
Thanks

A few words of thanks would be greatly appreciated.

Ask a question
Jean-François Pillou

CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jeff Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.

Learn more about the CCM team

Related

Published by . Latest update on by Paul Berentzen.

This document, titled "PHP 5 - Using an external URL with the function include," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (https://ccm.net/).

0 Comments