PHP help page

The articles contain information from external sources as well as my own experience in writing PHP applications. Note that links to the original external sources may no longer be active.

If you are are after help on a particular item try the search facility above.

 
Five ways to create include path for PHP

(from http://www.geeksengine.com/article/php-include-path.html, viewed 2-Jun-2011)

Here are 5 ways to create PHP include path.

  1. Use php.ini

  2. Use .htaccess

  3. Use ini_set function

  4. Use set_include_path function

  5. Manually code the path


Method 1: Use php.ini to create include path

If PHP is compiled as a CGI binary, you can use php.ini to create include path. If you have no direct access to php.ini on the web server (e.g. you are using shared web hosting), you can create a custom php.ini on your hosting account's web root directory. Note that, you need to place your custom php.ini in every folder where include path is used.

Don't want to place php.ini in every subfolder?

GeeksEngine is hosted by LunarPages where PHP is compiled as CGI. In addition, LunarPages also uses suPHP to parse php scripts. An account can have multiple php.ini files in different folders so you can customize the php processing in different folders should your script require it. A php.ini file will not inherit down into subfolders. However, you can create a .htaccess file in the same folder as the php.ini file and place the following code into it:

suPHP_ConfigPath /home/username/public_html/

where "username" is your cPanel username. This will cause the php.ini file to affect all subfolders, unless a php.ini file is in a subfolder, at which point the php.ini in the subfolder takes precedence.


To create include path in your php.ini file, download your current php.ini from your website by using a FTP client, or create a new one if you don't have it yet. Open php.ini file in your favorite text editor and add include path in either of the following two ways:

  1. Include folder is at your hosting account's home directory.

    It's a good idea to create include folder at the home directory level (which is one level above the public_html folder) so that sensitive files are placed outside the publicly accessible web folder (where public_html is) - just an extra precaution.

    Add the following line in your custom php.ini file:

    include_path = ".:/home/your_cpanel_username/your_include_folder_name"

    Make sure to replace your_cpanel_username with your actual cPanel username and replace your_include_folder_name with the actual folder name you have created in your hosting account's home directory.

    Setting up include path this way is recommended as no one can access folders in your home directory which is one level higher than your web root (public_html) directory.

  2. Include folder is at your hosting account's web root directory.

    Web root directory is the folder you place all your web pages. When you connect to your hosting account via a FTP client, you should normally see a folder called public_html. This is the web root directory. Note that it might be named as something else by your hosting company. Please refer to your hosting account setup email or contact your hosting company if you are not sure.

    Add the following line in your custom php.ini file:

    include_path = ".:/home/your_cpanel_username/webroot/your_include_folder_name"

    Make sure to replace your_cpanel_username with your actual cPanel username. Replace webroot with the actual folder name of the web root directory (e.g. public_html), and replace your_include_folder_name with the actual folder name you have created in your hosting account web root directory.

    Note that there is a potential security issue related to the include folder if it's placed in web root directory. Click here to jump to the bottom section of this page to see how to fix it.

  3. On Windows, the include folder can be any folder on your hard disk.

    For example, two include paths defined in php.ini for my local site:

    include_path = ".;C:\test;C:\php\PEAR"

    php.ini is at C:\WINNT on Windows 2000 or Windows XP.

Note: Separate each include path by : (colon) on a Unix/Linux system. On Windows, the separator is ; (semi-colon).

Here is the example given in php.ini file in C:\WINNT folder:

UNIX: "/path1:/path2"

Windows: "\path1;\path2"


Method #2: Use .htaccess to create include path

If PHP is compiled as a Apache module, you can use .htaccess to create include path. This file is placed at your web root directory.

Download your .htaccess file if you have got one or create a new one. .htaccess is just a text file and can be edited by using a text editor.

Open .htaccess in your text editor and use either of the following three options:

  1. Include folder is at your hosting account's home directory.

    Add the following line in your custom .htaccess file:

    php_value include_path ".:/home/your_cpanel_username/your_include_path"

    Make sure to replace your_cpanel_username with your actual cPanel username and replace your_include_path with the actual folder name you have created in your hosting account home directory.

    Setting up include path this way is recommended as no one can access folders in your home directory which is one level higher than your web root (public_html) directory.

  2. Include folder is at your hosting account's web root directory.

    Add the following line in your .htaccess file:

    php_value include_path ".:/home/your_cpanel_username/webroot/your_include_path"

    Make sure to replace your_cpanel_username with your actual cPanel username. Replace webroot with the actual folder name of the web root directory (e.g. public_html), and replace your_include_folder_name with the actual folder name you have created in your hosting account web root directory.

  3. On Windows, the include folder can be any folder on your hard disk.

    For example, two include paths defined in .htaccess for my local site:

    php_value include_path ".;C:\test;C:\php\PEAR"

    Note that if you use .htaccess to create include path, it causes conflict with the one created in your php.ini file. You can only create include path in either .htaccess or php.ini on Windows but not both.


Method #3: Use ini_set function

ini_set function sets the include_path configuration option and can be used in individual php file to create php settings on the fly. As it only works for the duration of the script, it has a slight performance penalty as ini_set is called every time the page runs. Not recommended.

ini_set works in all PHP versions.

Example 1: Include path is a relative path to a PHP page at web root.

<?
/* 
Assume this PHP file is report.php at web root.

inc and common/new are relative path to this PHP page. 

Folder inc and common are in web root. 
*/ 

ini_set("include_path", "inc");

ini_set("include_path", "common/new");
?>

Example 2: Include path is a relative path to a PHP page at /product/

<?
/* 
Assume this PHP file is /product/report.php. The folder product is in web root.

../inc and ../common/new are relative path to this PHP page.

Folder inc and common are in web root.
*/

ini_set("include_path", "../inc"); 

ini_set("include_path", "../common/new");
?>

For detailed information about absolute path and relative path, refer to article Absolute Path and Relative Path Explained.


Method #4: Use set_include_path function for PHP version >= 4.3.0 or PHP 5

set_include_path sets the include_path configuration option and can be used in individual php file to create php settings on the fly. As it only works for the duration of the script, it has a slight performance penalty as set_include_path is called every time the page runs. Not recommended.

Example 1: Include path is a relative path to a PHP page at web root.

<?
/* 
Assume this PHP file is report.php at web root. 

inc and common/new are relative path to this PHP page. 

Folder inc and common are in web root. 
*/ 

set_include_path("inc");

set_include_path("common/new");
?>

Example 2: Include path is a relative path to a PHP page at /product/

<? 
/* 
Assume this PHP file is /product/report.php. The folder product is in web root. 

../inc and ../common/new are relative path to this PHP page. 

Folder inc and common are in web root. 
*/ 

set_include_path("include_path", "../inc"); 

set_include_path("include_path", "../common/new"); 
?>

Example 3: this example is from PHP.net website

<?
$path = "/usr/lib/pear";
set_include_path(get_include_path() . PATH_SEPARATOR . $path);
?>

Note that get_include_path retrieves the current include path defined in php.ini file.

PATH_SEPARATOR is a PHP constant. Making use of the PATH_SEPARATOR constant, it is possible to extend the include path regardless of the operating system. Based on what the operating system is, it can be used to get the separator character (used in php.ini) on the fly. On a Unix/Linux system, the separator is : (colon). On Windows, the separator is ; (semi-colon).

PATH_SEPARATOR concatenates the include path defined by you to the one defined by your hosting company.

UNIX: "/path1:/path2:/path3"

Windows: "\path1;\path2;\path3"


Method #5: Manually code the include path in PHP page.

You can define what folder is you include path in a PHP page like below. Note that, similar to ini_set or set_include_path, you need to use this code in individual PHP pages and it only lasts for the duration of the script.

$_SERVER["DOCUMENT_ROOT"] returns the web root directory.

 

<?
$INC_DIR = $_SERVER["DOCUMENT_ROOT"]. "/inc/";
include($INC_DIR. "common.php");
?>

How to secure files in the include folder

If you have placed the include folder in web root directory, because it can be accessed by anyone via internet and include files could contain sensitive information such as database password, you should always consider securing the folder and files in it.

Normally, if the files in your include folder use file extension .php, or any other scripting file extensions such as .pl, .asp, .jsp, viewing the page should not reveal page content because these files are processed by web servers before the rendered HTML is sent to viewer's web browser. To have a 100% peace of mind and prevent any unfriendly probe attempt, it's always a good idea to secure the folder.

There are two ways to secure the include folder:

  1. Use .htaccess file

    This is the easier way to do. Create a .htaccess file and place it in the include folder. Inside .htaccess file, add the following line:

    deny from all

    This denies anyone from accessing files in the include folder. Basically, a 403 Forbidden page is displayed when someone tries to view any page in this folder.

    403 Forbidden page

  2. Set access permissions on the include folder to 770 using chmod.
 
Variable passing by Value or Reference, the & symbol

These are known as references.

Here is an example of some "regular" PHP code:

function alterMe($var) {
      $var = 'hello';
}

$test = 'hi';
alterMe($test);
print $test; // prints hi

$a = 'hi';
$b = $a;
$a = 'hello';
print $b; // prints hi

And this is what you can achieve using references:

function alterMe(&$var) {
$var = 'hello';
}

$test = 'hi';
alterMe($test);
print $test; // prints hello

$a = 'hi';
$b &= $a;
$a = 'hello';
print $b; // prints hello

The nitty gritty details are in the documentation. Essentially, however:

References in PHP are a means to access the same variable content by different names. They are not like C pointers; instead, they are symbol table aliases. Note that in PHP, variable name and variable content are different, so the same content can have different names. The closest analogy is with Unix filenames and files - variable names are directory entries, while variable content is the file itself. References can be likened to hardlinking in Unix filesystem.
 
Checking for Installed Libraries

Sometimes not all libraries that are required for your PHP script are installed. To avoid errors showing up to the user either put a '@' in front of the function (see article) or use the script below.

To check if a library is installed:

if (TRUE == extension_loaded('imagick')) {
    if ($userImage <> "default.jpg") {   // Can't modify the default image!
        $im = @ new Imagick("img_user/".$userImage);
        if ($sepia===true) $im->sepiaToneImage(80.0);
        if ($oilpainting===true) $im->oilPaintImage(2.0);
        $im->writeImage("img_user/".$userImage);
        unset($im);
    }            
} else {
    echo "Image editing unavailable, imagick library NOT installed";
}

In this example we are checking if the imagick library has been installed. This resource is often overlooked by hosting companies.

If imagick is missing we do not process the commands that require it.
 
The @ symbol in PHP

Adding the "@" symbol in front of any function call will suppress any PHP-generated error messages from that function call. In general, this is used to prevent users from seeing nasty error messages when you have coded something incorrectly.

That means that if that function generates a non-fatal error (warning) it will not display the warning message in your HTML, rather just return false and let the program cope with it.

For example:

The line:

$im = new Imagick("img_user/".$userImage);

causes the error below if Imagick is not installed.

PHP Error Message
Fatal error: Class 'Imagick' not found in /home/a6911855/public_html/locoshed/myaccount.php on line 215

To avoid this use a @ in front of the function as per example below:

$im = @ new Imagick("img_user/".$userImage);
 


facebookjoinCopyright © 2010 Rinet IT. All rights reserved. Admin.
Powered by Joomla! Design based on Splash template by BUYHTTP. Open Source Matters