Reference in include string from other include

[son]

I have a index.php file as:

<?phpinclude('inc/session.htm');include('inc/{$lang}/general.htm');include('inc/header.htm');$content = "inc/{$lang}/content/home.htm";include $content;include('inc/footer.htm');?>

where general.htm is:

$strings['home'] = "Home";$strings['about'] = "About";$strings['faq'] = "FAQ";$strings['contact'] = "Contact";

In header.htm I refer to strings from general.htm as:<?php echo $strings['home']; ?> etcThey do not show in index.php. general.htm is referenced before header.htm in index.php. Is it not possible to include a file with strings before another included file where those strings are used? Do not get what is going wrong...Any help appreciated.Thanks,Son

[Jesdisciple]

Change the name of general.htm to general.php and try it again. Although HTML can be included into a PHP file, I don't think any PHP in that HTML file will be parsed; it will just be sent to the browser.

[aspnetguy]

it is also a good idea to use include_once instead of include to ensure you are not including the file more than once

[jeffman]

Lest it go unsaid:One of the first steps to debugging is to check the return values of internal and external functions. If the include statements aren't working, you need a way to find out. There are so many ways to screw up a file path (especially one with a variable embedded in it) that you just have to make sure the include is not returning false.Even if that's not the case here, it's a habit to develop.

[zppblood]

include('inc/{$lang}/general.htm');The ' needs to be replaced with " since you are using a variable.

[son]

check the return values of internal and external functions

Thanks for all inputs. To change .htm to .php does not solve problem. Also remember reading that for an include file it does not matter (please correct me if I am wrong). Took advice for include_once, which makes total sense. Still, cannot find the problem. How do I check the return values? Also, I echoed the $lang, which shows correct value. The path is correct. How can I output all content from the general.htm file?Son

[Jesdisciple]

Did you change the quotes as mma suggested?As for .htm versus .php, I've never tried it; I just had a hunch that it wouldn't work. However, to reduce future confusion, I suggest that you adopt a habit of always using .php for PHP.I was going to suggest that based on security concerns, but your includes shouldn't be in a web-accessible directory in the first place. If they aren't, there's no security risk.

[jeffman]

How do I check the return values?

$result = include('inc/{$lang}/general.htm');if ($result) {   echo "Okay";} else {   echo "Oops";}

[son]

Will all the great help I received finally got there...$result = include "inc/{$lang}/general.php";did the trick...Thanks,Son

[jlhaslip]

You should be able to keep the html file extension by adding the PHp tokens insdie the file.Included files are always parsed as HTML file type, so adding the php start and end tags should work.Like so:

<?php$strings['home'] = "Home";$strings['about'] = "About";$strings['faq'] = "FAQ";$strings['contact'] = "Contact";?>

[son]

You should be able to keep the html file extension by adding the PHp tokens insdie the file.Included files are always parsed as HTML file type, so adding the php start and end tags should work.Like so:

<?php$strings['home'] = "Home";$strings['about'] = "About";$strings['faq'] = "FAQ";$strings['contact'] = "Contact";?>

Thanks for your input!Actually, just to pick up on issue of using either .htm or .php files. I can see that there might be a security issue if you have lots of programming in include file, so you might want to save it as .php. But what is with the files that have tiny bits like displaying strings from another include file or the include file with a listing of all strings? Is there a guideline when it is important to be more secure with .php?SonReason for edit: Forgot to ask one more questions

[Jesdisciple]

But what is with the files that have tiny bits like displaying strings from another include file or the include file with a listing of all strings?

Could you clarify what you mean, maybe with a small sample script?Also, note that if you consider the .htm a security concern, you need to move your includes to a directory that's inaccessible from the web.

[son]

Could you clarify what you mean, maybe with a small sample script?Also, note that if you consider the .htm a security concern, you need to move your includes to a directory that's inaccessible from the web.

If one include file echos only string, which are coming from another include file (which only has those strings) as:<?php echo $strings['about']; ?> in second include and $strings['about'] = "About"; in first include...There not really a security concern, is there? Maybe security just comes in when you have several lines of programming other than just echoing strings?Son

[Jesdisciple]

You're making me curious... Why would you want to only echo a bunch of strings? And can the names of those strings be used in any way to compromise your security? No matter how certain you may be, I wouldn't bet on it.Regardless, I consider it much simpler and safer (because you won't slip up on that one important file) to lock all includes up out of sight from the web. And once that's done, I consider it much simpler to also make all of them end in .php; this prevents confusion on your part and, if you have any, your teammates' parts.

[zppblood]

With the default settings in the apache configuration, it doesn't know that you want the HTML files to be parsed by the PHP interpretor and output the HTML, so if someone were to enter the URL in their address bar, they would see the PHP code by viewing the source.

[son]

I echo strings as the website consists of three different languages. I have a file for each language for the strings common to all page (like nav bar etc).Looks like I will have them all end in .php. Do you think I also have to put them outside of web directory? Is this not safe enough? (Sorry for stupid questions, but am not exactly a security expert).Son

[Jesdisciple]

Neither am I a security expert; that's why I advise every reasonable precaution. I can't think of any situation where having includes in a web-accessible directory might compromise security. However, I know that's one entirely unnecessary step closer to insecurity (unless you're on shared hosting, and then you still have .htaccess to do almost the same thing as hidden directories).

[son]

Neither am I a security expert; that's why I advise every reasonable precaution. I can't think of any situation where having includes in a web-accessible directory might compromise security. However, I know that's one entirely unnecessary step closer to insecurity (unless you're on shared hosting, and then you still have .htaccess to do almost the same thing as hidden directories).

Thanks for you advice:-)Son