
Please don't...

Daniel Gheorghe Difficulty: 20 / 50

This article is old. Be careful! It might contain outdated information.


...hard-code paths into your code

 
   <?php 
    require "/home/user/public_html/somefile.php"; 
  ?>
 

How many times have you seen the above in PHP-driven websites or applications?

If your answer is something like "If I had a buck ... ", then you probably understand my suffering. However, if you think there's nothing wrong in the code above please continue reading.

The path to a file on a server, as its name suggests, DEPENDS on the server.

If you hard-code paths, those paths will stop working when you change servers, and you will therefore need to go into every file that has such paths and change them to match the new server's file system.

To avoid this headache, define a constant that represents the base path for your code, either in the entry point of your app/website or in a configuration file. In other words, define the path leading to your app folder as a constant and use it throughout your code.

  
    <?php
    //your config file or your app's entry point
    define('BASE_PATH', dirname(__FILE__)); //now BASE_PATH will always be the path leading to your code... on any server

    //and then in any other file just do this:
    require BASE_PATH . '/some_folder/some_file.php';
    ?>
  

...hard-code URLs into your code

 
  <img src="http://www.example.com/images/some_image.jpg">
 

If the above looks OK to you then please read on.

The domain should never be hard-coded and it is also a good practice to use constants for various reusable paths within your code.

The code above would cause all your URLs to break if you move the website to a development server accessible through a different URL or if you change the folder where your images are stored.

To avoid this, you could define your base URL using a snippet similar to the one below and you could define the folder where images are stored in another constant so that you only need to change one thing to make all your URLs work.


  <?php
  //your config file or your app's entry point
  define('BASE_URL', "http://www.example.com");
  define('IMAGES_URL', BASE_URL . '/images');

  //and then in any other file just do this:
  echo '<img src="'.IMAGES_URL.'/some_image.jpg">';
  ?>

...allow direct access to your included files

You sometimes need to include separate files to allow easy maintenance of your code, to use design patterns and to make your code reusable.

When you do that, keep one thing in mind: people should not be able to access your files separately; they should only be able to access the main application file. Allowing direct access has huge security implications and should be avoided.

The simplest way to deny direct access to included files is to define a constant in your main app file, and then check if that constant is defined in all other files that you are including.


  <?php
  //your main app file
  define("MY_APP", "");
  ?>

  <?php
  //and then in any other file just do this:
  defined("MY_APP") or die("Access Denied"); // by doing this in your included files you can make sure that no one can access this file directly
  //then add your code
  ?>
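
The constant check above, exercised both ways, as an added example that is not code from the original article. The temp directory, the file names `index.php` and `inc/greeting.php`, and the `run_php()` helper are constructed for the demonstration; it assumes the PHP CLI with `shell_exec` enabled. The guard also sets a 403 status so a web client sees a refusal rather than a 200 page.

```php
<?php
// Added example, not code from the article. Paths and file names are constructed.
// Builds a throwaway app in the temp dir, then loads the include file both ways.

$app = sys_get_temp_dir() . '/guard_demo_' . getmypid();
mkdir($app . '/inc', 0700, true);

// Included file: the guard is the first statement, the real code follows it.
$include = <<<'CODE'
<?php
if (!defined('MY_APP')) {
    http_response_code(403); // refusal status for web requests; no effect on the CLI
    exit('Access Denied');
}
return 'Hello from ' . basename(__FILE__);
CODE;
file_put_contents($app . '/inc/greeting.php', $include);

// Entry point: defines the marker constant and BASE_PATH before including anything.
$entry = <<<'CODE'
<?php
define('MY_APP', '');
define('BASE_PATH', __DIR__);
echo require BASE_PATH . '/inc/greeting.php';
CODE;
file_put_contents($app . '/index.php', $entry);

// Run a script in a fresh PHP process, the way a separate request would.
function run_php(string $file): string
{
    return (string) shell_exec(escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($file));
}

echo 'through index.php: ', run_php($app . '/index.php'), PHP_EOL;
echo 'requested directly: ', run_php($app . '/inc/greeting.php'), PHP_EOL;

// Remove the throwaway files.
unlink($app . '/inc/greeting.php');
unlink($app . '/index.php');
rmdir($app . '/inc');
rmdir($app);
```

Where the host allows it, keeping the included files outside the web root removes the direct-request path entirely, and the constant check then serves as a second layer.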
