This post will continue my work in explaining some of the basic in-built functions of PHP. This time around, I will take you through the include() and require() functions, and explain their similarities and differences and pros and cons respectively.
The include() statement
Essentially, it is like the echo command in that it will output the contents of files to the php page. Text files for example will be displayed on the page. PHP files are also displayed on the page, but it renders to HTML beforehand, and you can’t see the actual code. This is a fact that many PHP developers use on a daily basis. Including a PHP file is effectively the same thing as if the contents of that file had been written into the main PHP file.
For example, if I had a PHP file called echo.php
<?php
echo("hello there");
?>
and another file called main.php
<?php
include("echo.php");
?>
Output:
hello there
This, essentially (on a virtual level) pastes the echo statement into the middle of the main.php file. This can be seen as basic Object Oriented scripting within PHP.
What makes this very useful in larger projects is that if you have a website where the content changes very frequently, you could have your main.php file display the header and footer and stuff and include a content.php file in the middle. In which case, instead of having to sift through a potentially large amount of code to find your content, you only have to change the content.php file. This is used for efficiency and for the ability to write thousands of complicated and messy functions in one file and reduce it to a single line include statement in the file where the functions are required.
If an include() statement fails, i.e. if the file does not exist, the include will generate an error of level E_WARNING. I will go through error levels in detail at some other time, but for now it is suffice to say that this will post a warning to your page and continue to execute the PHP script. This can be insecure for larger projects where the scripts may then generate errors from functions not existing, which could result in sensitive data being posted to anybody who visits the page.
The require() statement
It is exactly the same in functionality as the include() statement, but if it fails, it will generate an error of level E_ERROR which is seen by PHP as a fatal run-time error. This will write the error message to the screen, and then halt execution of the script completely. Therefore, it is much more secure.
So why use include() at all? Why not just use require() all the time if it’s so much more secure?
Because, include and require both handle errors in different ways, one or the other is more preferable in different scenarios. For example, when handling sensitive data in secure e-commerce transactions for example, you want the scripts to terminate to prevent things going disastrously wrong so that you don’t end up pulling silly amounts of money out of someone’s bank account or displaying bank details and database passwords etc on the page for the world to see. In this case, you would use require(). You would probably then want the page to catch the error, terminate scripts and redirect to a “safe” page which apologises profusely for the mess-up and promises that the issue will be resolved as soon as possible.
However, for other less critical projects, it is likely that you will want the page to continue displaying content so that the site can function as normally as possible. You’d catch the error (this will be covered in future PHP posts) and display an error message to the user saying “technical difficulties” or whatever and let the site get on with it.
Responses to “PHP include() and require()”
Leave a Reply