can I use the full file URL in an include() function?

[ajetrumpet]

hey you guys,

I have a bunch of files on a server and I had to populate each one with this code:

<?php
	include("https://www.domain.com/r/pagevisit.php");
?>

however, I'm getting an error, which I understand:

Quote

Warning: include(): https:// wrapper is disabled in the server configuration by allow_url_include=0 in

This gentleman on SO suggests that doing this is not the right way, and will always throw the error:   https://stackoverflow.com/a/23285648

This site is getting quite large now, and I might just have to throw the content of all the files into a DB and pull it out when each page is requested.  however, for now everything is just PHP files sitting on the server.  so the question => is there anyway I can keep the include() code I currently have on each page, or does each file have to have it changed to the relative URI path?  if I can keep it the way it is, where is the configs to change it?  I might not even have access to it since this is shared hosting.   thanks!

Adam

Edited February 18, 2020 by ajetrumpet

[cyberRobot]

From the PHP manual for the include statement:

Quote

If "URL include wrappers" are enabled in PHP, you can specify the file to be included using a URL (via HTTP or other supported wrapper - see Supported Protocols and Wrappers for a list of protocols) instead of a local pathname.

More information can be found here, before example 3:
https://www.php.net/manual/en/function.include.php

[cyberRobot]

Just be aware that if the website's domain ever changes, you will need to go through all your scripts to updated the include statements. Another option to consider is specifying an include_path.
https://www.php.net/manual/en/ini.core.php#ini.include-path

[ajetrumpet]

I appreciate it, cyberR..  I will bookmark the manual.

[ginerjm]

So you are saying that all of your 'files-to-be-included' exist elsewhere and not on the domain server that you are running on?  An odd situation it seems to me.

[requinix]

Yeah... I must be missing something or else I would expect people to have yelled not to do that.

If the files are on your own website then never include them as URLs. For assorted reasons, not the worst of which is that it's extra overhead on your website.

If the files are not on your own website then never include them as URLs. The answer is something else that depends on why you're trying to execute PHP code on someone else's server.

[mac_gyver]

you are probably looking for an absolute file system path, not a http URL -

require $_SERVER['DOCUMENT_ROOT'] . '/r/pagevisit.php';

[ajetrumpet]

23 hours ago, mac_gyver said:

you are probably looking for an absolute file system path, not a http URL -

require $_SERVER['DOCUMENT_ROOT'] . '/r/pagevisit.php';

this might be exactly what I'm looking for, mac!  thanks!

so the rest of you guys....I have changed all of the files on my website to this:

<?php
	include("relative_path_pointer/r/pagevisit.php");
?>

so essentially what I did for a file that is nested ''x'' dirs deep, to capture traffic, is THIS:

<?php
	include("../../../r/pagevisit.php");
?>

there's nothing wrong with that, is there you guys?  that isn't a security risk, is it?  thanks!

[ginerjm]

As long as you code that strange path in a single place that is reachable from every script that needs it.  You wouldn't want to have to go looking for all occurrences of it if it needed to be altered.

And if your string "relative path pointer" is simply a substitute for whatever path you are going to place there.  If not, it needs a $ sign

[requinix]

Relative paths can behave strangely. Don't use them.

Do what mac_gyver said.