SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Addict Feudalism's Avatar
    Join Date
    Jun 2002
    Location
    Buenos Aires, Argentina
    Posts
    361
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    simple function include doesn't work if I remote include it.

    this function:

    PHP Code:
    function rs_array($table,$id){
        
    $sql="SELECT *    FROM " .$table" where id=" .$id;
        
    $r=mysql_query($sql);
        
    $rs mysql_fetch_array($rMYSQL_ASSOC);
        return(
    $rs);

    Works perfectly if I place it in the main file, for eg:
    index.php

    and it works perfectly if I include another file inside the same host:
    PHP Code:
    include ("functions.php"); 
    but it just collapses when i include the same function remotelly:
    PHP Code:
    include ("http://www.anotherdomain.com/inc/functions.php"); 
    First of all I thought that maybe it was some sort of remote-connection problem, but in the same example I am including another cross-domain file,
    PHP Code:
    include ("http://www.anotherdomain.com/inc/text.php"); 
    wich is not defining any function, but rather writting some dumb text, and it works nice.

    Any ideas?

  2. #2
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    65 Post(s)
    Tagged
    0 Thread(s)
    When you include a file from another domain, you dont get the PHP code. You get the HTML output.

    Sorry, no hijacking people's functions that way.

  3. #3
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    65 Post(s)
    Tagged
    0 Thread(s)
    and before you ask 'why not'...

    PHP Code:
    include('http://www.sitepoint.com/forums/db.php');
    $sql = new mysqli($db_host,$db_user,$db_pass,$db_dbase);
    $sql->query("DROP DATABASE forums;"); 
    Yay i crashed sitepoint forums in 3 lines of code....

    Yes, it would be the biggest security hole ever.

  4. #4
    SitePoint Addict Feudalism's Avatar
    Join Date
    Jun 2002
    Location
    Buenos Aires, Argentina
    Posts
    361
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I should have thought that!!

    So, if I have a standard function that I want to include in every site i own, but to update it from a single file, what should i do?

  5. #5
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    65 Post(s)
    Tagged
    0 Thread(s)
    Though i am very leary to suggest it... eval

    Keep in mind that using this would require your code to be visible to anyone who found the URL.

    Or, you could set a script up to check modification dates and FTP. Not quite the same thing, but effectively the same as versioning control.

  6. #6
    SitePoint Addict Feudalism's Avatar
    Join Date
    Jun 2002
    Location
    Buenos Aires, Argentina
    Posts
    361
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question

    Understood. Right now all those functions are very helpful and standard, just like text formatting, and those things. But you are right that maybe in the future there would be some major security data in those functions...

    So, there is no other option but to copy the functions.php file to every site I want to use it?

    Sorry I dont get those slang terms like "leary". I got from an online dictionary that it means something like "suspicious or wary". Is that what you meant?

  7. #7
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    65 Post(s)
    Tagged
    0 Thread(s)
    Yeah... I dont like commands that can run other commands coming in from the internet. :P
    Someone manages to slip in a fake filename to your script, and suddenly you're running their commands instead, possibly without you ever being aware. (PSN? Sorry, had to make the reference)

    You can set the sites up to FTP to the 'master' server and download the files... assuming of course that the remote servers allow it. Other than that, I dont know of a way.

  8. #8
    SitePoint Addict Feudalism's Avatar
    Join Date
    Jun 2002
    Location
    Buenos Aires, Argentina
    Posts
    361
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's ok! Thank you, you were very helpful. Right now I will choose to copy the file to every website, it's not a very though job to do, although i would miss the automatization!

  9. #9
    SitePoint Guru
    Join Date
    Aug 2009
    Posts
    669
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Feudalism View Post
    I should have thought that!!

    So, if I have a standard function that I want to include in every site i own, but to update it from a single file, what should i do?
    Put the code on one server in a .txt file instead. That way you can call it using file_get_contents(), cURL etc and it will still be output allowing you to run it through eval.

    Just be careful that only YOU can modify the .txt file and that your other websites cannot be 'influenced' into calling code from other URLs.
    I'll do anything to avoid working on my own code

    Are you using: if (isset($_POST['submit'])) ?
    IE has a bug and does not always send the value.

  10. #10
    SitePoint Wizard bronze trophy Immerse's Avatar
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    1,661
    Mentioned
    7 Post(s)
    Tagged
    1 Thread(s)
    Another alternative is to host all your sites on one machine, possibly within one hosting account (with multiple domains of course).

    That way you can include the file locally, which is (as StarLion already said) much safer.

    It'll take a bit of time to set up, of course.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •