Frequently Asked Questions: php questions: page: 3
-
1
How can I make a textarea field on my form?
Use a code like this:
<textarea name="comments" rows="5" cols="40"></textarea>
All you have to do is change the name (in this case comments) so you know what this answer is about! You can, of course, change the rows number to reflect the height of your box, and the cols number to reflect the width of the box.
Please note: These tags don’t limit the length of a line someone can enter, or how many lines of text they can enter. They simply describe the appearance of the form.
If you want to supply some default text for the text area, you should place it before the </textarea> tag, like so:
<textarea name="comments" rows="5" cols="40">Text</textarea>
May 21, 2004 | 
By Louise | 
Filed under FAQ, NL-PHPMail, PHP, Scripts
-
2
Help! I’m trying to include a file with the following code: “include(”http://mydomain.com/file.php”);” but gives me an error. What’s wrong?
Instead of putting the full URL, put either a relative URL:
include "file.php";
or the absolute path:
include "/home/whatever/public_html/file.php";
The newest version of PHP doesn’t allow full URLs in includes. So stick to relative paths and absolute (server) paths and you should be ok.
One little tip: if you absolutely need to include a URL from a diferent server, put an @ in front of the include. That will hide the error message from the browser, however it doesn’t guarantee that your includes will work!
-
3
I’m using the include format “layout.php?x=file.html”, but someone told me that there could be a security problem with this. Is there?
In fact, yes, there are several possible security risks with this. Anyone could write a PHP script with malicious code and include it in your page, because it is your server that parses and runs that include. And even if no files from remote servers can be included, if the open_basedir setting isn’t correctly configured this could mean that someone can abuse this function to include and therefore view any of the server’s configuration files. Even if PHP has only access to folders beneath your web directory, if you have any configuration files containing passwords stored there that are not enclosed in php tags (for example config files for a Perl script), someone who knows the location of these files could include and thus view them.
Therefore it is usually better to do it the other way round and make a php page for every content page and “wrap” it in the layout with header and footer includes. It’s more secure, and better to crawl for search engines since some of them won’t index pages with the same filename and different parameters.
For more information on this, please read this forum thread.
