Remote Includes

jarea

I think I know the answer to this but would like to get some confirmation.

I want to do a remote include of the results of a mysql query.

My understanding is that the remote server will process all of the php in the remote file and send an ordinary html file to the requesting browser (server). So any server could harbor the remote include, regardless of whether they can process PHP or not. My remote server is configured to look for PHP code in files with .php or .html extensions so the include can point to a file named http://www.remoteserver.com/foo_include.html

Does this work the way that I am explaining?

Also, one of the other threads on remote includes, somebody mentioned that remote includes are notorious for security problems. Given that the remote server should just be providing html, are there any security issues that I should be concerned with?

Thanks for the feedback.

Jim

drew010

If you try to do
include("http://www.remote.com/file.php");
it will send you the html of the processed php file. The requesting server does not get the php code.
If you want to remotely include php code, you can give it a text extension on the remote server so it wont be processed by php and
include("http://www.remote.com/php.txt");
will grab the php code and execute it on the requesting server. In this case its not a security issue unless someone changes the .txt file's contents.
Hopefully this answered your question.