Giải pháp thiết kế web động với PHP - p 13

LIGHTENING YOUR WORKLOAD WITH INCLUDESHaving said that, you can convert a site-root-relative path to an absolute one by concatenating the superglobal variable $_SERVER[DOCUMENT_ROOT] to the beginning of the path like this: include($_SERVER[DOCUMENT_ROOT] . /includes/filename.php); Most servers support $_SERVER[DOCUMENT_ROOT], but you should check the PHP Variables section at the bottom of the configuration details displayed by phpinfo() to make sure. Now, this is the point that tends to confuse many people. Although you can t use a site-root-relative link to include a file, the links inside the include file should normally be relative to the site root. This is because an...
Nội dung trích xuất từ tài liệu:
Giải pháp thiết kế web động với PHP - p 13 LIGHTENING YOUR WORKLOAD WITH INCLUDES Having said that, you can convert a site-root-relative path to an absolute one by concatenating the superglobal variable $_SERVER[DOCUMENT_ROOT] to the beginning of the path like this: include($_SERVER[DOCUMENT_ROOT] . /includes/filename.php); Most servers support $_SERVER[DOCUMENT_ROOT], but you should check the PHP Variables section at the bottom of the configuration details displayed by phpinfo() to make sure. Now, this is the point that tends to confuse many people. Although you can t use a site-root-relative link to include a file, the links inside the include file should normally be relative to the site root. This is because an include file can be included at any level of the site hierarchy, so document-relative links break when a file is included at a different level. You might have noticed a contradiction between the previous paragraph and the document-relative links in menu.inc.php . They have been deliberately left like that because, unless you have created a virtual host, the site root is localhost , not phpsols . This is a disadvantage of testing a site in a subfolder of the web server s document root. The Japan Journey site used throughout this book has only one level, so the document-relative links work. When developing a site that uses multiple levels of folders, use site-root-relative links inside your include files, and consider setting up a virtual host for testing (see Chapter 2 for details).Security considerations with includes Include files are a very powerful feature of PHP. With that power come some serious security risks. As long as the external file is accessible, PHP includes it and incorporates any code into the main script. But, as mentioned in the previous section, include files can be located anywhere. Technically speaking, they can even be on a different server. However, this was considered such a security risk, a new configuration directive, allow_url_include, was introduced in PHP 5.2. The default setting is Off, so it s now impossible to include files from a different server unless you have complete control over your server s configuration. Unlike include_path, the allow_url_include directive cannot be overridden except by the server administrator. Even if you control both servers yourself, you should never include a file from a different server. It s possible for an attacker to spoof the address and try to execute a malicious script on your site.Chapter review This chapter has plunged you headlong into the world of PHP, using includes, arrays, and multidimensional arrays. It has shown you how to extract the name of the current page, display a random image, and get the image s dimensions. You have also learned how to throw and catch exceptions and to redirect to a different page. There s a lot to absorb, so don t worry if it doesn t all sink in the first time. The more you use PHP, the more familiar you ll become with the basic techniques. In the next chapter, you ll learn how PHP processes input from online forms and will use that knowledge to send feedback from a website to your email inbox. 101 Download from Wow! eBook 102 CHAPTER 4 Chapter 5 Bringing Forms to Life Forms lie at the very heart of working with PHP. You use forms for logging in to restricted pages, registering new users, placing orders with online stores, entering and updating information in a database, sending feedback . . . The list goes on. The same principles lie behind all these uses, so the knowledge you gain from this chapter will have practical value in most PHP applications. To demonstrate how to process information from a form, I m going to show you how to gather feedback from visitors to your site and send it to your mailbox. Unfortunately, user input can expose your site to malicious attacks. It s important to always check data submitted from a form before accepting it. Although HTML5 form elements validate user input in the most recent browsers, you still need to check the data on the server. HTML5 validation helps legitimate users avoid submitting a form with errors, but malicious users can easily sidestep checks performed in the browser. Server-side validation is not optional, but essential. The PHP solutions in this chapter show you how to filter out or block anything suspicious or dangerous. It doesn t take a lot of effort to keep marauders at bay. It s also a good idea to preserve user input and redisplay it if the form is incomplete or errors are discovered. These solutions build a complete mail processing script that can be reused in different forms, so it s impor ...