Re: include, relative path



^AndreA^ wrote:
On May 23, 5:01 pm, Michael Fesser <neti...@xxxxxx> wrote:
.oO(^AndreA^)

Guys, sorry for my lateness... Thank you very much for your answers!
In the end I simply did:
include '../libraries/db_details.php';
It seems so simple and sounds strange to me that I didn't try it... I
really don't know what I was thinking that day... ;-)
An absolute path based on $_SERVER['DOCUMENT_ROOT'] would still be the
better and more reliable choice. You also should keep your library
_outside_ the document root for security reasons.

Micha

mmm... interesting...
I didn't use $_SERVER['DOCUMENT_ROOT'] because
include '../libraries/db_details.php'; sounded simpler, and it also
works on my localhost and on the server online, so I didn't bother so
much... but I'll have a look on the internet to understand the advantages...

As for the security reasons, I'm pretty curious: you say I
should keep my library outside the document root...
1) How could I do that?!?
Where do I have to place it and also how to get it outside of the
document root?

On a Unix-like system you would have, as a user, ~/public_html as document root; everything from here and its subdirectories can be accessed with a web browser (we ignore htaccess). If you can access a file, there are two major risks: that the script can be used in a way it wasn't intended to be used, or that the PHP parsing fails, which leads to the source code being displayed as plain text. To give protection against this, you place your files in ~/myphpfiles; this directory can't be accessed with a browser, which protects those files from being displayed and makes it more difficult to be exploited.


2) Why for security reasons?!?
Nobody can reach my php scripts on the server... or not?
i.e. I could even write a clear password on a php file... right?!?

The day you update PHP on your system and something doesn't go right, even if you think it did, people can see your source code and all your login data; that day you will regret that you wrote those logins and passwords in your public PHP files.
There can also be exploits that allow people to display variables, which means they could display your logins and passwords.

--

//Aho
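
The layout described in this reply, as an added example that is not part of the original posts: db_details.php lives in a sibling of the document root and is loaded by absolute path, with a check that the library directory is not web-served. The helper private_lib_path(), the temporary directory and the sample credentials are assumptions made for the demo.

```php
<?php
// Added example. Directory names follow the thread (~/public_html, ~/myphpfiles);
// private_lib_path() is a hypothetical helper, not a PHP built-in.

/**
 * Resolve a library file kept outside the document root and refuse
 * anything that ends up inside the web-served tree.
 */
function private_lib_path(string $docRoot, string $libDir, string $file): string
{
    $docRoot = realpath($docRoot);
    $libDir  = realpath($libDir);
    if ($docRoot === false || $libDir === false) {
        throw new RuntimeException('document root or library directory missing');
    }
    // The library directory must not be the document root or sit below it.
    if (strpos($libDir . DIRECTORY_SEPARATOR, $docRoot . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('library directory is web-accessible');
    }
    // basename() drops directory components such as "../"; realpath() follows symlinks.
    $path = realpath($libDir . DIRECTORY_SEPARATOR . basename($file));
    if ($path === false || dirname($path) !== $libDir) {
        throw new RuntimeException('library file not found in library directory');
    }
    return $path;
}

// Constructed layout for the demo: <tmp>/public_html and <tmp>/myphpfiles.
$home = sys_get_temp_dir() . '/include_demo_' . getmypid();
mkdir("$home/public_html", 0700, true);
mkdir("$home/myphpfiles", 0700, true);
file_put_contents("$home/myphpfiles/db_details.php",
    "<?php return ['user' => 'demo_user', 'pass' => 'constructed-placeholder'];");

// In a real page $docRoot would be $_SERVER['DOCUMENT_ROOT'].
$docRoot = "$home/public_html";
$db = require private_lib_path($docRoot, dirname($docRoot) . '/myphpfiles', 'db_details.php');
echo "loaded credentials for {$db['user']}\n";

// A library directory under the document root is rejected.
mkdir("$docRoot/libraries");
try {
    private_lib_path($docRoot, "$docRoot/libraries", 'db_details.php');
} catch (RuntimeException $e) {
    echo "refused: {$e->getMessage()}\n";
}
```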