PHP Include command stopped working?

[WraithW]

Anyone know how I can get my PHP to reboot or why the INCLUDE command has decided to stop doing its thing?

I have a rotating banner / logo on my homepage as well as at the top of my forum which is called using INCLUDE however for some reason today this has stopped functioning.

The banner.php file which the INCLUDE command calls up is still there & works when I run it however when it is called using the INCLUDE command for some reason it just stopped working.

I have not made any code edits or removed any files so for this to suddenly stop acknowledging this code is strange

I even rebooted my VPS in hopes this would work but it is still refusing to acknowledge this command?

I posted here in acase anyone has any ideas as well as submitted a ticket, any help would be appreciated

[Pawel Kowalski]

What error are you seeing?

[WraithW]

That's just it I'm not getting any errors

Where the include command usually shows my rotating banner I just have nothing as if the code isn't even there? it's just a blank gap & when you look at my header it shows a space wide enough for the banner but no banner and on the main site page all the text which usually shows under the banner is now showing at the top of the page because the banner isn't showing

[thecoalman]

Do you have any other php in the file?

Be sure to check the path. I always use this:

Code:

require($_SERVER['DOCUMENT_ROOT'] . '/somefolder/somefile.php');

A failed include will not cause a php script to fail, require will.

http://us3.php.net/require

require() and include() are identical in every way except how they handle failure. They both produce a Warning, but require() results in a Fatal Error. In other words, don't hesitate to use require() if you want a missing file to halt processing of the page. include() does not behave this way, the script will continue regardless. Be sure to have an appropriate include_path setting as well.

Try putting this at the top of your script:

Code:

error_reporting(E_ALL);

Be sure to remove it once you figure out what is wrong.

[WraithW]

Thanks very much for the help, I changed the path from direct to relevant as I'd always used http://.... in the command, worked fine right up until 1-2 days ago without any changes etc from myself so don't know why that stopped working

I changed it to a path /folder1/foler2/file etc & it now works so go figure

thanks anyway, will look at you method above, I'm not used to the "($_SERVER['DOCUMENT_ROOT'] . " style, still getting use to the commands but this is a nice learning curve for me

[the_ancient]

Thanks very much for the help, I changed the path from direct to relevant as I'd always used http://.... in the command, worked fine right up until 1-2 days ago without any changes etc from myself so don't know why that stopped working

I changed it to a path /folder1/foler2/file etc & it now works so go figure

thanks anyway, will look at you method above, I'm not used to the "($_SERVER['DOCUMENT_ROOT'] . " style, still getting use to the commands but this is a nice learning curve for me

Looks like some may have closed a Security hole on that server. You should NEVER include a file using "http"

[thecoalman]

$_SERVER['DOCUMENT_ROOT'] is predefined variable in the $_SERVER array. There's others:

http://us2.php.net/reserved.variables

$_GET and post $_POST would be two others to investigate.

-----------------------
The issue with referencing just folders is the path is relative, if you move the location of the file to a different directory and the path is no longer relative to the new directory the include will fail. By using $_SERVER['DOCUMENT_ROOT'] your making the path absolute so the include or require statement will work in any file regardless of where its location is.

[Gwaihir]

Moving a file should generally not affect finding its includes. The paths are relative to the php include path, which is only the script's own path if you've neglected to define it properly.

$_GET, $_POST and even $_SERVER are unsafe data. In particular using data directly from $_GET and $_POST to form an include path is a beginner security mistake.

You are better off setting the include path yourself in php.ini or defining a constant INCLUDES_ROOT of your own in whatever place you store your config settings and then use that to form each path. The php.ini (or at other hosts .htaccess) approach has my personal prefence.

[thecoalman]

$_GET, $_POST and even $_SERVER are unsafe data. In particular using data directly from $_GET and $_POST to form an include path is a beginner security mistake.

For the record I meant investigate them for other uses, how is the $_SERVER['DOCUMENT_ROOT'] variable unsafe?

[Pawel Kowalski]

I don't think $_SERVER['DOCUMENT_ROOT'] is a problem since this is defined by the server and not passed from the client (I could be wrong). But other $_SERVER variables that are passed from the client can pose serious security issues if not properly checked. HTTP_REFERER comes to mind instantly but there are others.

[Gwaihir]

Right, some of the values in $_SERVER cannot be trusted though others are fairly safe. $_SERVER['DOCUMENT_ROOT'] seems to be one of the safe ones. But are you willing to figure out and remember which are which and will you notice if for example a $_SERVER['PHP_SELF'] slips in, if you use this all over the place?

Being sure of this base is very vital security wise and it is a constant, so even if I were to go from $_SERVER['DOCUMENT_ROOT'], I would define a constant with its value as early in the script as possible, if only to avoid a hacker sneeking in a line somewhere that redefines it later on. For this I just don't want to wonder about what might have happened to the variable, something Zend Studio 6+ appearently agrees with btw: it gives a warning whenever you use a variable for including a file.

Another reason to work this way is that you can easily move your whole set of includes to another folder, because you have but a single place in which you need to make the change.