Delicious Bookmark this on Delicious Share on Facebook SlashdotSlashdot It! Digg! Digg



PHP : Function Reference : PHP Options&Information : get_included_files

get_included_files

Returns an array with the names of included or required files (PHP 4, PHP 5)
array get_included_files ( )

Example 1837. get_included_files() example

<?php
// This file is abc.php

include 'test1.php';
include_once
'test2.php';
require
'test3.php';
require_once
'test4.php';

$included_files = get_included_files();

foreach (
$included_files as $filename) {
   echo
"$filename\n";
}

?>

The above example will output:

abc.php
test1.php
test2.php
test3.php
test4.php

Code Examples / Notes » get_included_files

warhog

The example is simply wrong as the behaviour of this function changed. It now in fact returns some absolut filenames (like you were using realpath() on them). In the past it returned the same string that was used to include/require the file.
example (file in /var/www ):
require('../www/somefile.php');
would be listed as ../www/somefile.php in the past but now as /var/www/somefile.php . The problem with the prior behaviour was that when you changed the working directory and used realpath() on the filenames than you got the wrong file or FALSE. I think the behviour was changed with PHP 5.0.0 (and therefor PHP 4.3.0) but I'm not sure. It is not mentioned here in the manual unfortunately.


indigohaze

Something that's not noted in the docs, if a file is included remotely and you do a get_included_files() in the include itself it will *not* return the document that included it.
ie:
test2.php (server 192.168.1.14):
<?php
include("http://192.168.1.11/test/test3.php");
?>
test3.php (server 192.168.1.11):
<?php
$files = get_included_files();
print_r($files);
?>
returns:
Array ( [0] => /var/www/localhost/htdocs/test/test3.php )
Which means you can use get_included_files() to help intercept and prevent XSS-style attacks against your code.


ahmetantmen

Note that; you can't solve primary filename with get_included_files() to block directly accesses if you using a graphic file created with php or a stylesheet or a php script run under iframe and etc...

php

Just FYI, the given example will return this ONLY if executed from the filesystem root:
abc.php
test1.php
test2.php
test3.php
test4.php
What makes this function useful is that it actually returns the complete path of each file.  Like this:
/path/including/document_root/to/abc.php
/path/including/document_root/to/test1.php
/path/including/document_root/to/test2.php
/path/including/document_root/to/test3.php
/path/including/document_root/to/test4.php


gamblor

In regards to
__FILE__ != $_SERVER['SCRIPT_FILENAME'] to check for a file as an include:
This only works if you are using PHP as an Apache module; when using PHP as a CGI binary on shared hosts, the filepaths may differ, even if they end up pointing to the exact same file.
For example, __FILE__ might be /home/SERVER/USER/SITE/test.php
and $_SERVER['SCRIPT_FILENAME'] might be /home/USER/SITE/test.php
Because of the SERVER included in the __FILE__ path, the comparison returns true, even though the file is not being included by any other file.


quis -at- maffiaworld -dot- n e t

If you wan`t to compare __FILE__ and $_SERVER['SCRIPT_NAME']
you could use realpath()
it strips out symlinks and things like that
realpath(__FILE__) == realpath($_SERVER['SCRIPT_NAME'])


yarco dot w

If you have a MAIN php script which you don't want to be included by other scripts, you could use this function. For example:
main.php:
<?php
function blockit()
{
 $buf = get_included_files();
 return $buf[0] != __FILE__;
}
blockit() and exit("You can not include a MAIN file as a part of your script.");
print "OK";
?>
So other script couldn't include main.php to modify its internal global vars.


keystorm :at: gmail dotcom

As of PHP5, this function seems to return an array with the first index being the script all subsequent scripts are included to.
If index.php includes b.php and c.php and calls get_included_files(), the returned array looks as follows:
index.php
a.php
b.php
while in PHP<5 the array would be:
a.php
b.php
If you want to know which is the script that is including current script you can use $_SERVER['SCRIPT_FILENAME'] or any other similar server global.
If you also want to ensure current script is being included and not run independently you should evaluate following expression:
__FILE__ != $_SERVER['SCRIPT_FILENAME']
If this expression returns TRUE, current script is being included or required.


rpaseur

As is often the case, YMMV.  I tried the __FILE__ and SCRIPT_FILENAME comparison and found this:
SCRIPT_FILENAME: /var/www/cgi-bin/php441
__FILE__: /raid/home/natpresch/natpresch/RAY_included.php
As an alternative:
count(get_included_files());
Gives one when the script is standalone and always more than one when the script is included.


131 dot php

Actually, auto_prepend_files are listed with  get_included_files ( php 5.2 )

Change Language


Follow Navioo On Twitter
assert_options
assert
dl
extension_loaded
get_cfg_var
get_current_user
get_defined_constants
get_extension_funcs
get_include_path
get_included_files
get_loaded_extensions
get_magic_quotes_gpc
get_magic_quotes_runtime
get_required_files
getenv
getlastmod
getmygid
getmyinode
getmypid
getmyuid
getopt
getrusage
ini_alter
ini_get_all
ini_get
ini_restore
ini_set
main
memory_get_peak_usage
memory_get_usage
php_ini_scanned_files
php_logo_guid
php_sapi_name
php_uname
phpcredits
phpinfo
phpversion
putenv
restore_include_path
set_include_path
set_magic_quotes_runtime
set_time_limit
sys_get_temp_dir
version_compare
zend_logo_guid
zend_thread_id
zend_version
eXTReMe Tracker