$_SERVER['DOCUMENT_ROOT'] allows one to provide an absolute path to a file.
However, if the file is under the document root, is there an equivalent to $_SERVER['DOCUMENT_ROOT']?
For example, I want to link to config.php in /home/user/config/ from files in the public_html directory. What is the best, most portable way to do this?
If PHP can require/include the file, a hacker could do file_get_contents() on the file with a script they managed to upload into the document root.
I generally keep people out of files I don’t want them to potentially execute directly by doing an 'if (!defined("SOME_CONSTANT")) exit();' at the top of the file and then making sure that it gets define()'d before including the file. Not every host offers space outside of the document root, which could make migration to another server difficult.
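The two approaches from this thread combined, as an added example that is not part of the original posts: an entry script resolves config.php relative to the document root, preferring a location outside it, and the included file refuses to run unless a guard constant is defined. The names APP_ENTRY and locate_config() and the config/ directory layout are assumptions made for illustration.

```php
<?php
// public_html/index.php (hypothetical entry point; all names are assumptions)
declare(strict_types=1);

// Guard constant: included files refuse to run unless this is defined first.
define('APP_ENTRY', true);

/**
 * Return the first readable config file, or null if none exists.
 * The location outside the document root is tried first.
 */
function locate_config(string $docRoot, string $name = 'config.php'): ?string
{
    $docRoot = rtrim($docRoot, '/\\');
    $candidates = [
        // Sibling of the document root, e.g. /home/user/config/config.php
        dirname($docRoot) . '/config/' . $name,
        // Fallback for hosts that offer no space outside the document root;
        // here the defined() guard is the only barrier to direct requests.
        $docRoot . '/config/' . $name,
    ];
    foreach ($candidates as $path) {
        $real = realpath($path); // false when the file does not exist
        if ($real !== false && is_readable($real)) {
            return $real;
        }
    }
    return null;
}

// DOCUMENT_ROOT is empty on the CLI, so fall back to this file's directory.
$docRoot = !empty($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : __DIR__;
$config  = locate_config($docRoot);

if ($config === null) {
    http_response_code(500);
    exit('Configuration not found.');
}
require $config;

// config.php itself begins with the guard described in the thread:
//   <?php
//   if (!defined('APP_ENTRY')) { exit; }
```

The guard only stops a direct HTTP request from executing config.php; it does not stop another script running under the same PHP user from reading the file's contents, which is the concern raised earlier in the thread.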