Reputation: 651
PHP - Is there any concern with using $_SERVER['DOCUMENT_ROOT'] . "pathname" on every page that needs to include another file?
Due to path issues, I changed my php site to have the following statement at least once on each page:
include($_SERVER['DOCUMENT_ROOT'] . "/path/file.php");
Are there any concerns (mainly security) that I should have using this approach?
(before I just used: include("/path/file.php"); )
Upvotes: 5
Views: 944
Answers (2)
Reputation: 36299
I have never heard of any concerns when using that, but I prefer doing this:
require_once __DIR__ . "/path/to/file/from/current/filephp";
I do this, because we don't always know if there will be a document root, but we do know that the current file does have a current directory.
Upvotes: 0
Reputation: 7409
As PHP is parsed exclusively on the server, using $_SERVER['DOCUMENT_ROOT'] will never be passed to the client and doesn't create a security issue.
However, like all $_SERVER variables, $_SERVER['DOCUMENT_ROOT'] is only made available by your webserver and running these scripts in a command line environment will cause an undefined error.
Upvotes: 4
Related Questions
- PHP using $_SERVER["DOCUMENT_ROOT"] and relative or absolute paths
- Using $_SERVER['DOCUMENT_ROOT'] means I can't access variables in an included file
- Is it a good idea to use $_SERVER['DOCUMENT_ROOT'] in includes?
- $_SERVER['DOCUMENT_ROOT'] vs $path = $_SERVER['DOCUMENT_ROOT']
- PHP Including a file based on pathinfo - security concern?
- PHP Include Path. Can it always be from the root directory?
- Is it prefered to use $_SERVER['DOCUMENT_ROOT'] in the website?
- Any downsides or security risks with set_include_path?
- nested php includes to server path
- including files without having to specify $_SERVER['DOCUMENT_ROOT']