Hi Guys,

I have to ask another question as you were so good as answering the last one :)

I am currently finishing off my site and i want to write some articles. I have the code to display them currently in the main index.php file. I want to take them out and put them in a seperate file to reduce the size of the index file. So that when someone wants to view the article it will read the text file and display it.

All it needs to do is read to the end of file and echo the text onto screen.

Cheers
Richard

I'm, not really a PHP guy, but I *think* you want to look into PHP's include() and require() functions.

Or possibly just a plain old <!--include virtual="/path/to/file.php"--> would suffice.

Try google or http://www.php.net/

;)

cheers

alastair

I was looking in the manual on php.net

Basically this is what i came up with

$filename = file('test.txt');
$content = readfile($filename);
echo " $content";

But this threw up some errors.

Cheers
Richard

readfile will probably return a number at that end of that as it returns the number of bytes i nthe file


if you are usign php v4.3.0 or greater then there is the command
file_get_contents()


so could so

$text = file_get_contents('filename');


if you are not usign 4.3.0 or greater then you can acheave similar thing with the file() command
but it enters info nto an array

you cna get by this with a line liek this

$text = implode ('', file ('filename'));



Originally posted by shifty.ricky
I was looking in the manual on php.net

Basically this is what i came up with

$filename = file('test.txt');
$content = readfile($filename);
echo " $content";

But this threw up some errors.

Cheers
Richard

what errors it throw up?



just to comment on the suggest about require() or include()
it is my udnerstanding that the problem with this would be that it always loads the file
as oppossed to loading it if and when it is required

so there is no point putting it into another file if you did that

$filename = file('test.txt');
$content = readfile($filename);
echo " $content";
readfile() does essentially the same thing as file(), except that it doesn't store the information in a helpful fashion. file() puts it in a nice easy array; file_get_contents() puts it in a string. Therefore the code you have there isn't working because you're trying to do a file operation on an array.

Assuming all you want to do is display "test.txt" inline in the web page, my advice is to leave file() and readfile() alone and use include() instead. Inserting another file into the middle of a page is include()'s purpose in life.include('test.txt');
is all you need to do it. If you're looking to do something cleverer/fancier than this, please give us some more details.

Note: include() and require() are identical in function EXCEPT require() will stop a script from completing execution if an error occurs (fatal error) while include() will only throw up a warning.

HTH

just to comment on the suggest about require() or include() it is my udnerstanding that the problem with this would be that it always loads the file
as oppossed to loading it if and when it is required

You could be right, but I'm sure include(), being a PHP command, includes the file only when its executed (as opposed to the <!-- --> type of include), so it is possible to use it dynamically within PHP control structures. (I think that makes sense...)

If not I'm going to have to have a word with PHP'ers who keep holding 'dynamic includes' as something PHP can do that ASP can't :D

cheers

alastair

cheers guys....as you can guess i am still new to this thing.

Cheers
Richard

Isn't putting a simple

"include('test.txt');"

A major security risk?

Isn't putting a simple
"include('test.txt');"
A major security risk?
Er... how do you mean?

well, i was reading the comments on the php include function explation over on php.net, and there was a discussion about how unsafe it is unless you add all this other stuff in, they said its possible for someone to really damage your site by running their own scripts and stuff. Heres a quote:


As to the security risks of an include statement like:

<?php
include($page);
?>

This is a really bad way on writing an include statement because the user could include server- or password-files which PHP can read as well. You could check the $page variable first but a simple check like

<?php
if ( file_exists($page) ) AND !preg_match("#^\.\./#",$page) )
include($page);
?>

wont make it any safer. ( Think of $page = 'pages/../../../etc/passwd' )

To be sure only pages are called you want the user to call use something like this:

<?php
$path = 'pages/';
$extension = '.php';

if ( preg_match("#^[a-z0-9_]+$#i",$page) ){
$filename = $path.$page.$extension;
include($filename);
}
?>

This will only make sure only files from the directory $path are called if they have the fileextension $extension.

Right. :)<?php include($page); ?> is only a security risk if you've written your PHP scripts in such a way as to allow the user to set variables AND the web server is set up in a way that allows this to be exploited. To explain...

PHP can take variables from the URL. I'll use the URL of the page I'm writing this on as an example:
http://www.kustompcs.co.uk/forums/newreply.php?s=&action=newreply&threadid=6257It's the bits after the question mark that matter here.

? tells PHP to expect variables
s= would assign a value to $s if there was anything after the "="
& tells PHP that this is the next variable
action=newreply assigns the value "newreply" to $action
& next variable
threadid=6257 assigns the value "6257" to $threadid

Hence you can see that if you had a URL like:http://www.myserver.com/myscript.php?page=mypageand myscript.php contained the line:<?php include($mypage); ?>then it would be a potential security risk if some enterprising malcontent knew the location of some sensitive files on your web server, or could be bothered looking for them.

I say potential because most web servers are set up specifically not to allow PHP to read these files. You shouldn't run your own server if you don't know how to do this and any web hosts with security holes like this likely won't stay in business very long. :)

Hope that clears things up.

Originally posted by Splaty
Isn't putting a simple

"include('test.txt');"

A major security risk?

It could be but as its only a text file and there is a .htaccess file that stops anything other than the local machine accessing the /archive folder then there is no chance that anyone could run thier own file.

Cheers
Richard

Thanks for clearing that up maniacyak :)