Using HTTP:// in PHP INCLUDES?

jpkuzma

I'm using some code in my PHP programs that calls a file and passes variables to it to grab information from a mySQL database.

The include looks something like this:

<?include('http://www.domain.com/inc/getstring.php?s=undergoundNews'>

Obviously, since I'm POSTING (or is it GETTING) information to that file, I have to use a HTTP.

My web hosting company is telling me that this is a security breach, and their systems look at this as if there's a problem on the site... and blocks my account until an admin clears it.

I can rewrite stuff to use functions in an include file; but I was wondering if this makes sense or is my web hosting company giving me a bunch of crap?

Thanks,
Joe

planetsim

Not only is it syntacitly incorrect also.

Id suggest reading here on include

http://www.php.net/manual/en/function.include.php

jpkuzma

Sorry for my syntax error, it was a typo. I thought people would get the jist of what I'm saying anyhow.

I did read the php.net reference material and it does not answer my question.

Regards,
Joe

dalecosp

Likely they have enabled PHP's "safe mode".

I've no particular idea of why this is a security issue, but if it wasn't, it wouldn't be mentioned in php.ini.

Can you work around it with a socket call? (hmm, probably not....) How 'bout fopen()?

jpkuzma

Thanks for the help.

The code was written to pull text from a database record, and it was done this way to reduce complexity on putting it out there, as I'm working with a novice HTML editor and to make things as easy as possible was best ;-)

But as it turns out, it was hogging the server big time.

What I did is I converted the PHP code into functions. I put all the functions in one file "include.php". And then I instructed them to put an include = /inc/include.php in the top of each page that calls the database. And instead of incuding an http://www.domain.com?v=command they make a function call passing the information through the function call.

This works great, and has improved performance 100 fold on the web server.

-joe