jerastraub
Posted January 3, 2007

Is there any difference in server load between a php include statement versus a php readfile?

Also I have another question. I read recently the following:

[code]"There is a security issue using the "include" command as it will run just as if the browser had allowed it. It is possible for a malicious web site to cause damage to your computer including deleting everything."[/code]

Is this True or False?

corbin
Posted January 3, 2007

Includes are parsed server side before the client even sees the page, so I don't know why a client would treat included content differently, or for that matter how it would even know content is included.

PFMaBiSmAd
Posted January 3, 2007

The readfile(...) outputs the contents of the file to the browser. If this was HTML/CSS/javascript, it would have meaning. If the file contains PHP, the php code is not parsed and is simply sent to the browser. The browser would attempt to render and display this as if it was HTML. The readfile(...) statement is not the functional equivalent of the php include(...) statement.

The first sentence in your security question is nonsense. A PHP include (and even a SSI include) is executed server side and a browser has no knowledge of or control over it.

For your second security question: a web site by itself, just serving HTML/CSS/javascript, cannot harm anything on your computer. The danger comes in if a web site serves a .zip/.exe file with malicious code and you execute it, or if it serves a media/document file which contains an exploit for a media player/viewer or application (Word/Excel...).
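
The difference between readfile() and include described in the reply above, as an added example that is not part of the original thread. It writes a constructed temporary file (the name prefix and contents are assumptions made for the demonstration) and captures what each call would send to the browser.

```php
<?php
// Added example: run with the PHP CLI. The temp file and its contents
// are constructed for this demonstration.

$path = tempnam(sys_get_temp_dir(), 'inc_demo_');
file_put_contents(
    $path,
    "<p>Static HTML</p>\n<?php echo 'computed: ' . (6 * 7); ?>\n"
);

// Collect everything a callback would have sent to the browser.
function capture(callable $emit): string
{
    ob_start();
    $emit();
    return ob_get_clean();
}

// readfile() copies the bytes of the file to the output unchanged.
$viaReadfile = capture(function () use ($path) {
    readfile($path);
});

// include hands the file to the PHP engine, which executes any PHP
// blocks on the server and emits only their result.
$viaInclude = capture(function () use ($path) {
    include $path;
});

unlink($path);

echo "--- readfile() output ---\n", $viaReadfile, "\n";
echo "--- include output ---\n", $viaInclude, "\n\n";

// With readfile() the PHP source itself reaches the client, so using it
// on a script discloses the code instead of running it.
echo "PHP source visible via readfile(): ";
var_dump(strpos($viaReadfile, '<?php') !== false);

// With include the client never sees the PHP source, only its output.
echo "PHP source visible via include:    ";
var_dump(strpos($viaInclude, '<?php') !== false);
echo "Computed value present via include: ";
var_dump(strpos($viaInclude, 'computed: 42') !== false);
```

In both cases the work happens on the server before any response is sent; the browser only receives the resulting bytes.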