Is it possible to stop including a php file?
In place of break
, use return
:
return
If called from the global scope, then execution of the current script file is ended. If the current script file was
include()
ed orrequire()
ed, then control is passed back to the calling file.
Prevent direct access to a php include file
The easiest way for the generic "PHP app running on an Apache server that you may or may not fully control" situation is to put your includes in a directory and deny access to that directory in your .htaccess file. To save people the trouble of Googling, if you're using Apache, put this in a file called ".htaccess" in the directory you don't want to be accessible:
Deny from all
If you actually have full control of the server (more common these days even for little apps than when I first wrote this answer), the best approach is to stick the files you want to protect outside of the directory that your web server is serving from. So if your app is in /srv/YourApp/
, set the server to serve files from /srv/YourApp/app/
and put the includes in /srv/YourApp/includes
, so there literally isn't any URL that can access them.
Is there a way to exit only the php file being included?
Just use return;
Do also be aware that it is possible to actually return something to a calling script in this way.
if your parent script has $somevar = include("myscript.php");
and then in myscript.php you do say... return true;
you will get that value in $somevar
Prevent that anybody can open include file directly in his browser
You have several options.
Check whether a constant is defined within your file. If not,
exit;
. Define a constant in the file that includes yourstartpage.inc.php
. This is how a lot of free scripts prevented unwanted inclusions.Don't have the script in the publicly available folder. Move it below document root so it can never be accessed directly, only when included via
include
orrequire
.
How to remove an include file?
The simple answer is no, you can't.
The expanded answer is that when you run PHP, it makes two passes. The first pass compiles the PHP into machine code. This is where include
s are added. The second pass is to execute the code from the first pass. Since the compilation pass is where the include
was done, there is no way to remove it at runtime.
Since you're having a function collision, here's how to get around that using objects(classes)
class Bob {
public static function samename($args) {
}
}
class Fred {
public static function samename($args) {
}
}
Note that both classes have the samename()
function but they live within a different class so there's no collision. Because they are static
you can call them like so
Bob::samename($somearghere);
Fred::samename($somearghere);
how to exclude a file after including it in php?
In PHP, once a resource is included, it can not be removed or "un-included". This is the very principle of PHP file inclusion. See : http://www.php.net/manual/en/function.include.php
The include statement includes and evaluates the specified file.
Once the interpreter has evaluated your code, the job is done. All operations have been taken into account, and in order to undo the changes, you have to perform the opposite operations. For instance, if your included file declares the class MyClass
then you would need to undefine it, which is also impossible for very same reason as above. See : Unset Class.
If your file actually adds functions and not classes, then since PHP 5.3, you can use anonymous functions. This allows you to assign functions to variables, which can be unset. See this answer for details.
If a part of your code's logic has to disappear at some point, then you did not spend enough time designing before implementing.
If you need to undo an inclusion because of name conflicts, the problem is pretty much the same. However, a solution in this case would be to use namespaces. Still, a little review of your application design should be enough to avoid such conflicts.
Edit about frameworks : a single framework cannot fit for each and every application. Symfony, for instance, uses namespaces absolutely everywhere to avoid any possible conflicts (yet, some occur). If your framework does not offer you the possibility to easily distinguish two model classes with the same name, then I'd say it does not fit (at least, not with your design).
Prevent direct access to a php file but allow including it
Here are two options you could give a try:
<?php
/**
* Returns true if current file is included
*/
function isIncluded() {
$f = get_included_files();
return $f[0] != __FILE__;
}
if(!isIncluded()) {
// Do some stuff, eg: print some HTML
} else {
// Show 403/error
}
?>
<?php
// You can also use (recommended)
if(__FILE__ !== $_SERVER["SCRIPT_FILENAME"]) {
// this file is being included
}
?>
You may also opt to put the files into a directory protected by a .htaccess
and a Deny from all
since PHP can bypass that, but users cannot.
PHP file include stops execution
As far as I see all the echos are executed before include(dirname(__FILE__) . '/dbRead.php');
, but no echo output is visible after that. There are some possibilities, for example:
- in
dbRead.php
you use for exampleob_start();
(see documentation), thus the echo is executed, but not sent to the browser, - you have some error that terminates the script in
dbRead.php
, but you have error reporting turned off (see documentation), - you invoked
exit
(see documentation) ordie()
(see documentation) within the included file,
How to prevent variables from being used when a file is include() ed
Use PHP namespaces:
File1.php:
<?php
namespace baz {
function foo() {
return "Bar";
}
}
namespace { // global code
$x = "XXX";
}
?>
File2.php:
<?php
include("File1.php");
echo $x; // outputs XXX
echo foo(); // Undefined
?>
To access foo
you have to use use:
File2.php:
<?php
include("File1.php");
use function baz\foo;
echo foo(); // outputs Bar
?>
Related Topics
How to Check If User Has Already Liked the Facebook Page
Why Does 'Intval(19.9 * 100)' Equal '1989'
Php: How to Check If the Client Is Local
Easiest Way to Implode() a Two-Dimensional Array
Access JSON Object Name in PHP
Extracting Matches from PHP Regex
How to Remove Empty Values from Multidimensional Array in PHP
How to Avoid Using PHP Global Objects
Validate That Input String Does Not Exceed Word Limit
PHP - Override Existing Function
Selecting Rows Where a Field Is Null Using PHP Pdo Prepared Statements and MySQL
Get Last Word from Url After a Slash in PHP
Simplexmlelement and Xpath, Getting Empty Array()
Is It Acceptable to Use a Mix of Object Oriented Style with Procedural Style in Coding PHP