Is It a Good Idea to Use $_Server['Document_Root'] in Includes

  • Home
  • Languages
  • PHP
  • Is It a Good Idea to Use $_Server['Document_Root'] in Includes

Is it a good idea to use $_SERVER['DOCUMENT_ROOT'] in includes?

I've seen cases where $_SERVER['DOCUMENT_ROOT'] is not set or is not what you would expect (i.e. not set in CLI or old IIS, or invalid in certain CGI setups).

For that reason you can use dirname(__FILE__) to obtain the path of the script that line is called in. You can then reference relative paths from there e.g.

include dirname(__FILE__) . '/../../other/file.php';

I go with the above method when the directory structure of the files is known and is not subject to change.

If DOCUMENT_ROOT is not available, the following is a suitable replacement:

substr($_SERVER['SCRIPT_FILENAME'], 0, -strlen($_SERVER['SCRIPT_NAME']));

What is the point of using $_SERVER['document_root']?

$_SERVER['DOCUMENT_ROOT'] is incredibly useful especially when working in your development environment. If you're working on large projects you'll likely be including a large number of files into your pages. For example: 

<?php 
//Defines constants to use for "include" URLS - helps keep our paths clean 

        define("REGISTRY_CLASSES",  $_SERVER['DOCUMENT_ROOT']."/SOAP/classes/"); 
        define("REGISTRY_CONTROLS", $_SERVER['DOCUMENT_ROOT']."/SOAP/controls/"); 

        define("STRING_BUILDER",     REGISTRY_CLASSES. "stringbuilder.php"); 
        define("SESSION_MANAGER",     REGISTRY_CLASSES. "sessionmanager.php"); 
        define("STANDARD_CONTROLS",    REGISTRY_CONTROLS."standardcontrols.php"); 
?>

In development environments, you're rarely working with your root folder, especially if you're running PHP locally on your box and using DOCUMENT_ROOT is a great way to maintain URL conformity. This will save you hours of work preparing your application for deployment from your box to a production server (not to mention save you the headache of include path failures).

However it is a personal choice, many frameworks use dirname(__FILE__) to work out the application path based on a known file, usually the index.php

PHP - Is there any concern with using $_SERVER['DOCUMENT_ROOT'] . pathname on every page that needs to include another file?

As PHP is parsed exclusively on the server, using $_SERVER['DOCUMENT_ROOT'] will never be passed to the client and doesn't create a security issue.

However, like all $_SERVER variables, $_SERVER['DOCUMENT_ROOT'] is only made available by your webserver and running these scripts in a command line environment will cause an undefined error.

PHP - include using $_SERVER['DOCUMENT_ROOT'] gives permission denied although its 777?

This does not work because it this:

include_once $_SERVER['DOCUMENT_ROOT']  . '/includes/myfile.php';

That $_SERVER['DOCUMENT_ROOT'] refers to the absolute web server main document root for the web server itself. Not per-user public_html web directories. Which is why this works:

include_once '/home/username/public_html/includes/myfile.php';

Is it a permission issue from server administrator side? Or I can
solve it from mine?

1,000,000% no. This is simply an understanding of what path is what & why on a server.

Also, 777 permissions are horrible & a security risk. If the first think you believe needs to be done to solve an issue like this is to just go chmod 777 you are not solving the problem & creating a security risk.

777 means that 100% of anyone can read, write or execute that file. And that is just not needed for PHP running under Apache.

For a PHP file it can jet be 664 or 644 because PHP files do not need to be executed. They just need to be read by the file system & then parsed by the Apache PHP module.

That said, if you are trying to simplify the way that files are loaded, you should explicitly set a $BASE_PATH like this:

$BASE_PATH = '/home/username/public_html/';

And then set your include_once like this:

include_once $BASE_PATH  . 'includes/myfile.php';

Automatting the way file paths are set for installs just never works well. Best just to manually set a $BASE_PATH in a config file when you move code than deal with the headaches caused by PHP constants like $_SERVER not being consistent between installs, setups & configurations.

Difference between $_SERVER['DOCUMENT_ROOT'] and $_SERVER['HTTP_HOST']

DOCUMENT_ROOT

The root directory of this site defined by the 'DocumentRoot' directive in the General Section or a section e.g.

DOCUMENT_ROOT=/var/www/example

HTTP_HOST

The base URL of the host e.g.

HTTP_HOST=www.example.com

The document root is the local path to your website, on your server; The http host is the hostname of the server. They are rather different; perhaps you can clarify your question?

Edit:
You said:

Case 1 : header('Location: '. $_SERVER['DOCUMENT_ROOT'] . '/abc.php')

Case 2: header('Location: '. $_SERVER['HTTP_HOST'] . '/abc.php')

I suspect the first is only going to work if you run your browser on the same machine that's serving the pages.

Imagine if someone else visits your website, using their Windows machine. And your webserver tells them in the HTTP headers, "hey, actually, redirect this location: /var/www/example/abc.php." What do you expect the user's machine to do?

Now, if you're talking about something like

<?php include($_SERVER['DOCUMENT_ROOT'] . '/include/abc.php') ?>

vs

<?php include($_SERVER['HTTP_HOST'] . '/include/abc.php') ?>

That might make sense. I suspect in this case the former is probably preferred, although I am not a PHP Guru.

Performance of $_SERVER['DOCUMENT_ROOT'], or define(SITE_ROOT, ]);

To use:

define("SITE_ROOT", "/");  //Typo removed

Is a just a little little bit faster than:

$_SERVER['DOCUMENT_ROOT'] . "/path/to/file"

Since you always concatenate something, is the constant a bit faster. But I think this falls under micro management and I don't think that this is your biggest performance issue in your code.

Even if this would be your "biggest performance issue", even then I would say the difference is so small you can decide, what you want to use and what you think is more readable.

PHP: Is there an easier reference for docroot than $_SERVER['DOCUMENT_ROOT']?

The best solution I could find is assigning $_SERVER['DOCUMENT_ROOT'] to a constant:

define('DOCROOT', $_SERVER['DOCUMENT_ROOT']);

It's easier to type and just as global, even in class definitions and instantiated objects, simply called like:

$path = DOCROOT . '/logfolder';

This will work as long as the calling script or an included file has the definition.

It is also possible to set server environment variables that are passed down to PHP in a $_ENV array (would is still easier to type), though that is dependent on your server and configuration.


Related Topics

Decrypting Strings in Python That Were Encrypted with Mcrypt_Rijndael_256 in PHP

Belongstomany Relationship in Laravel Across Multiple Databases

Auth::User() Returns Null

Yii2 Translation Does Not Work

File Attachment with PHPmailer

How to Join Two Tables with Ssp.Class.Php

How to Validate a Domain Name Using Regex & PHP

Pdo SQLite Could Not Find Driver... PHP File Not Processing

How to Handle Diacritics (Accents) When Rewriting 'Pretty Urls'

How to Pass an Array Using PHP & Ajax to JavaScript

JSON_Encode() Non Utf-8 Strings

Increase PHP Script Execution Time

How to Use String Concatenation to Define a Class Const in PHP

Laravel 5.2 Cors, Get Not Working with Preflight Options

PHP Include Causes White Space at the Top of the Page

How to Get the Value of a Private Property with Reflection

Pass Array Literal to Postgresql Function

PHP Remove JavaScript


Leave a reply



Submit