Is it a good idea to use $_SERVER['DOCUMENT_ROOT'] in includes?
I've seen cases where $_SERVER['DOCUMENT_ROOT']
is not set or is not what you would expect (i.e. not set in CLI or old IIS, or invalid in certain CGI setups).
For that reason you can use dirname(__FILE__)
to obtain the path of the script that line is called in. You can then reference relative paths from there e.g.
include dirname(__FILE__) . '/../../other/file.php';
I go with the above method when the directory structure of the files is known and is not subject to change.
If DOCUMENT_ROOT
is not available, the following is a suitable replacement:
substr($_SERVER['SCRIPT_FILENAME'], 0, -strlen($_SERVER['SCRIPT_NAME']));
What is the point of using $_SERVER['document_root']?
$_SERVER['DOCUMENT_ROOT']
is incredibly useful especially when working in your development environment. If you're working on large projects you'll likely be including a large number of files into your pages. For example:
<?php
//Defines constants to use for "include" URLS - helps keep our paths clean
define("REGISTRY_CLASSES", $_SERVER['DOCUMENT_ROOT']."/SOAP/classes/");
define("REGISTRY_CONTROLS", $_SERVER['DOCUMENT_ROOT']."/SOAP/controls/");
define("STRING_BUILDER", REGISTRY_CLASSES. "stringbuilder.php");
define("SESSION_MANAGER", REGISTRY_CLASSES. "sessionmanager.php");
define("STANDARD_CONTROLS", REGISTRY_CONTROLS."standardcontrols.php");
?>
In development environments, you're rarely working with your root folder, especially if you're running PHP locally on your box and using DOCUMENT_ROOT
is a great way to maintain URL conformity. This will save you hours of work preparing your application for deployment from your box to a production server (not to mention save you the headache of include path failures).
However it is a personal choice, many frameworks use dirname(__FILE__)
to work out the application path based on a known file, usually the index.php
PHP - Is there any concern with using $_SERVER['DOCUMENT_ROOT'] . pathname on every page that needs to include another file?
As PHP is parsed exclusively on the server, using $_SERVER['DOCUMENT_ROOT']
will never be passed to the client and doesn't create a security issue.
However, like all $_SERVER
variables, $_SERVER['DOCUMENT_ROOT']
is only made available by your webserver and running these scripts in a command line environment will cause an undefined error.
PHP - include using $_SERVER['DOCUMENT_ROOT'] gives permission denied although its 777?
This does not work because it this:
include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/myfile.php';
That $_SERVER['DOCUMENT_ROOT']
refers to the absolute web server main document root for the web server itself. Not per-user public_html
web directories. Which is why this works:
include_once '/home/username/public_html/includes/myfile.php';
Is it a permission issue from server administrator side? Or I can
solve it from mine?
1,000,000% no. This is simply an understanding of what path is what & why on a server.
Also, 777
permissions are horrible & a security risk. If the first think you believe needs to be done to solve an issue like this is to just go chmod 777
you are not solving the problem & creating a security risk.
777
means that 100% of anyone can read, write or execute that file. And that is just not needed for PHP running under Apache.
For a PHP file it can jet be 664
or 644
because PHP files do not need to be executed. They just need to be read by the file system & then parsed by the Apache PHP module.
That said, if you are trying to simplify the way that files are loaded, you should explicitly set a $BASE_PATH
like this:
$BASE_PATH = '/home/username/public_html/';
And then set your include_once
like this:
include_once $BASE_PATH . 'includes/myfile.php';
Automatting the way file paths are set for installs just never works well. Best just to manually set a $BASE_PATH
in a config file when you move code than deal with the headaches caused by PHP constants like $_SERVER
not being consistent between installs, setups & configurations.
Difference between $_SERVER['DOCUMENT_ROOT'] and $_SERVER['HTTP_HOST']
DOCUMENT_ROOT
The root directory of this site defined by the 'DocumentRoot' directive in the General Section or a section e.g.
DOCUMENT_ROOT=/var/www/example
HTTP_HOST
The base URL of the host e.g.
HTTP_HOST=www.example.com
The document root is the local path to your website, on your server; The http host is the hostname of the server. They are rather different; perhaps you can clarify your question?
Edit:
You said:
Case 1 : header('Location: '. $_SERVER['DOCUMENT_ROOT'] . '/abc.php')
Case 2: header('Location: '. $_SERVER['HTTP_HOST'] . '/abc.php')
I suspect the first is only going to work if you run your browser on the same machine that's serving the pages.
Imagine if someone else visits your website, using their Windows machine. And your webserver tells them in the HTTP headers, "hey, actually, redirect this location: /var/www/example/abc.php." What do you expect the user's machine to do?
Now, if you're talking about something like
<?php include($_SERVER['DOCUMENT_ROOT'] . '/include/abc.php') ?>
vs
<?php include($_SERVER['HTTP_HOST'] . '/include/abc.php') ?>
That might make sense. I suspect in this case the former is probably preferred, although I am not a PHP Guru.
Performance of $_SERVER['DOCUMENT_ROOT'], or define(SITE_ROOT, ]);
To use:
define("SITE_ROOT", "/"); //Typo removed
Is a just a little little bit faster than:
$_SERVER['DOCUMENT_ROOT'] . "/path/to/file"
Since you always concatenate something, is the constant a bit faster. But I think this falls under micro management and I don't think that this is your biggest performance issue in your code.
Even if this would be your "biggest performance issue", even then I would say the difference is so small you can decide, what you want to use and what you think is more readable.
PHP: Is there an easier reference for docroot than $_SERVER['DOCUMENT_ROOT']?
The best solution I could find is assigning $_SERVER['DOCUMENT_ROOT']
to a constant:
define('DOCROOT', $_SERVER['DOCUMENT_ROOT']);
It's easier to type and just as global, even in class definitions and instantiated objects, simply called like:
$path = DOCROOT . '/logfolder';
This will work as long as the calling script or an included file has the definition.
It is also possible to set server environment variables that are passed down to PHP in a $_ENV array (would is still easier to type), though that is dependent on your server and configuration.
Related Topics
Decrypting Strings in Python That Were Encrypted with Mcrypt_Rijndael_256 in PHP
Belongstomany Relationship in Laravel Across Multiple Databases
Yii2 Translation Does Not Work
File Attachment with PHPmailer
How to Join Two Tables with Ssp.Class.Php
How to Validate a Domain Name Using Regex & PHP
Pdo SQLite Could Not Find Driver... PHP File Not Processing
How to Handle Diacritics (Accents) When Rewriting 'Pretty Urls'
How to Pass an Array Using PHP & Ajax to JavaScript
JSON_Encode() Non Utf-8 Strings
Increase PHP Script Execution Time
How to Use String Concatenation to Define a Class Const in PHP
Laravel 5.2 Cors, Get Not Working with Preflight Options
PHP Include Causes White Space at the Top of the Page
How to Get the Value of a Private Property with Reflection