Include/Require HTTP Address

Question

I'm in need to include a PHP file that I can only reach with a complete HTTP address. I'm confused about this topic, I've heard it's a bad practice. How can I solve that?

Answer 1

Yes, it is not recommended to include over HTTP, unless you're really sure about the source. If you just want to get the contents of it, without executing PHP code, you could use:

Fot this, the PHP setting allow_url_fopen must be turned on. An other option using cURL (shamelessly taken from PHP Manual):

<?php
// create a new cURL resource
$ch = curl_init();

// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/");
curl_setopt($ch, CURLOPT_HEADER, 0);

// grab URL and pass it to the browser
curl_exec($ch);

// close cURL resource, and free up system resources
curl_close($ch);
?>

You should pass it through htmlentities() if nescessary.

If you're on the same server, you could use:

<?php
readfile('footer.html');
?>

Answer 2

It's very bad practice. Instead of including it, why not include a local copy of the file and use SSH to sync it with the copy on the remote server.

Answer 3

from manual : http://php.net/manual/en/function.include.php

also read Security warning that attached

If "URL fopen wrappers" are enabled in PHP (which they are in the default configuration), you can specify the file to be included using a URL (via HTTP or other supported wrapper - see List of Supported Protocols/Wrappers for a list of protocols) instead of a local pathname. If the target server interprets the target file as PHP code, variables may be passed to the included file using a URL request string as used with HTTP GET. This is not strictly speaking the same thing as including the file and having it inherit the parent file's variable scope; the script is actually being run on the remote server and the result is then being included into the local script.