使用包含包含 php 代码的跨域 - 失败
我有一系列网站,全部托管在具有不同域的同一服务器上。我想托管一些常见的 PHP 脚本,然后能够从其他域调用它们。
我对我的 php 有点陌生,所以请原谅代码尝试 - 我已经尝试了以下迭代,这可能会尝试帮助您理解我的目标!
从 php 标签内...
include('http://www.mydomain/common_include.php?show_section=$section');
$show_section = $_GET['show_section'];
include('http://www.mydomain/common_include.php');//Then $show_section would be available to the included file/cod
最后我尝试拉入包含一个函数的包含文件,然后尝试从父脚本运行该包含文件。
- 我更愿意保留这个 PHP 定向而不是获取 与服务器相关(文件 系统等(但我可以改变 权限等)
- 我可以,但不想将相同的库分别上传到每个域,
- 我了解 PHP 在服务器上运行,因此将脚本包含到另一台服务器上可能会出现问题。
提前致谢。
#编辑 好的好的 - 我知道这是不好的做法,所以不会这样做......非常感谢您的快速回答。 但是,是否有其他建议如何在所有站点上基本上显示这个基本的 php 应用程序,而不必将文件添加到每个站点的根目录?只是为了防止大量脚本重复...(大声思考从数据库或任何其他解决方案中调用脚本) 再次感谢您的帮助
I have a series of web sites all hosted on the same server with different domains. I want to host some common PHP scrips and then be able to call these from the other domains.
Im am a bit fresh with my php so pls excuse code attempts - I have tried iterations of the following which may try and help you understand what I am aiming for!
from within php tags ...
include('http://www.mydomain/common_include.php?show_section=$section');
$show_section = $_GET['show_section'];
include('http://www.mydomain/common_include.php');//Then $show_section would be available to the included file/cod
Finally I have tried pulling in the include which contains a function then trying to run that include from the parent script.
- I would much prefer to keep this PHP
orientated rather than getting
involved with the server (file
systems etc (but I can change
permissions etc) - I can but would prefer not to just upload the same library to each of the domains separately
- I understand PHP is run on the server hence maybe problematic to include scripts across onto another server.
Thanks in advance.
#
EDIT
OK OK - I get that its bad practice so will not do it....THANKS VERY MUCH FOR THE QUICK ANSWERS.
However is there any other recommendations of how to esentially show this basic php app on all of the sites with out haveing to add the files to the root of each site? Just to prevent massive script duplication...(thinking out loud call the scripts in from a db or anyother soloutions)
Again thanks for your assistance
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
如果您只将远程 PHP 文件包含到您自己的项目中,那将是一个巨大的安全风险。 PHP 在服务器将其发送给您之前进行解析,因此跨域包含将仅包含脚本生成的输出。包含 PHP 文件以便执行它们的唯一方法是通过本地文件系统。
如果您查看 PHP.net 关于 include 的文档,您可以找到以下内容:
这几乎解释了整个事情。
That would be a huge security risk if you could just include remote PHP files to your own projects. The PHP gets parsed before the server sends it to you so cross-domain includes would only contain the output the script generates. The only way to include PHP files so that they can be executed is via local filesystem.
If you look at PHP.net's documentation about include, you can find this:
Which pretty much explains the whole thing.
最初问题的根源似乎是发帖者担心在多个站点上使用 PHP 脚本或插件,然后每次需要更新时都会面临繁重的任务。虽然尝试跨站点包含 PHP 文件是一个坏主意,但将脚本构建为尽可能独立是一个更好的计划。将整个插件包含在一个目录中......并确保使用它的函数调用格式尽可能良好 - 干净、命名良好的函数、统一的命名约定以及针对每个函数需要的参数的深思熟虑的计划。避免使用全局变量。
理想情况下,每次需要更新所有位置的插件/脚本时,您都应该非常轻松。您甚至可以设置一个自动化流程,将包含插件的新目录上传到每个站点以替换旧目录。并且代码中的函数调用应该很少发生变化。
如果您的脚本足够大,您可以实现自动更新过程,就像最新版本的 WordPress 使用一样。单击一个按钮,它会自行更新。过去,更新十几个运行 Wordpress 的网站(例如)是一件非常痛苦的事情。
The root of the original question seemed to be the poster's concern about using a PHP script or plugin on multiple sites and then having an onerous task each time it needs to be updated. While trying to include PHP files across sites is a bad idea, it is a better plan to structure your script to be as self contained as possible. Keep the entire plugin contained in one directory.... and ensure your function calls to utilize it are as well formed as possible - clean, well named functions, uniform naming conventions and a well thought out plan for what parameters each function needs. Avoid using global variables.
Ideally you should then have quite an easy time each time you need to update the plugin/script in all locations. You can even set up an automated process that will upload the new directory containing the plugin to each site replacing the old one. And the function calls within your code should rarely if ever change.
If your script is big enough you might implement an automatic update process like the more recent versions of Wordpress use. Click a button and it updates itself. In the past, updating a dozen sites running Wordpress (as an example) was a massive pain.
这是非常糟糕的做法。
实际上,您不包括 PHP,而只包括 HTML 代码。
包括文件,而不是网址。同一服务器是可能的。
只需使用这些文件的绝对路径即可。
That is very bad practice.
Actually you're including not PHP but just HTML code.
Include files, not urls. It is possible for the same server.
Just use absolute path to these files.
除了这是一个不好的做法之外,您还应该首先检查 include 是否允许 URL(如果您确实想要这样做)。
但是,如果所有站点都需要使用该脚本,则可以将脚本放在执行 php 的用户可以访问的目录中的某个位置,并将该目录添加到 php.ini include_path 属性 (也可以在运行时完成)
(或者您可以创建一个 php 扩展并将其作为扩展加载)
Apart from the fact that it's a bad practice you should first check if include allows URLs if you really want to do that.
If however all the sites that need to use the script, you could put the script somewhere in a directory accessible by the user that executes php and add that dir to the php.ini include_path property (can also be done at runtime)
(Or you could create a php extension and load it as extension)
如果您拥有该服务器的根权限,则可以仅使用文件系统根目录的绝对路径,但大多数主机不允许您这样做。
If you have root rights on that server, you could just use absolute path from filesystem root, but most hostings won't let you do this.