Returns an array with the names of included or required files
(PHP 4, PHP 5)
Example 1837. get_included_files() example
The above example will output:
Code Examples / Notes » get_included_files
The example is simply wrong as the behaviour of this function changed. It now in fact returns some absolut filenames (like you were using realpath() on them). In the past it returned the same string that was used to include/require the file.
example (file in /var/www ):
would be listed as ../www/somefile.php in the past but now as /var/www/somefile.php . The problem with the prior behaviour was that when you changed the working directory and used realpath() on the filenames than you got the wrong file or FALSE. I think the behviour was changed with PHP 5.0.0 (and therefor PHP 4.3.0) but I'm not sure. It is not mentioned here in the manual unfortunately.
Something that's not noted in the docs, if a file is included remotely and you do a get_included_files() in the include itself it will *not* return the document that included it.
test2.php (server 192.168.1.14):
test3.php (server 192.168.1.11):
$files = get_included_files();
Array (  => /var/www/localhost/htdocs/test/test3.php )
Which means you can use get_included_files() to help intercept and prevent XSS-style attacks against your code.
Note that; you can't solve primary filename with get_included_files() to block directly accesses if you using a graphic file created with php or a stylesheet or a php script run under iframe and etc...
Just FYI, the given example will return this ONLY if executed from the filesystem root:
What makes this function useful is that it actually returns the complete path of each file. Like this:
In regards to
__FILE__ != $_SERVER['SCRIPT_FILENAME'] to check for a file as an include:
This only works if you are using PHP as an Apache module; when using PHP as a CGI binary on shared hosts, the filepaths may differ, even if they end up pointing to the exact same file.
For example, __FILE__ might be /home/SERVER/USER/SITE/test.php
and $_SERVER['SCRIPT_FILENAME'] might be /home/USER/SITE/test.php
Because of the SERVER included in the __FILE__ path, the comparison returns true, even though the file is not being included by any other file.
quis -at- maffiaworld -dot- n e t
If you wan`t to compare __FILE__ and $_SERVER['SCRIPT_NAME']
you could use realpath()
it strips out symlinks and things like that
realpath(__FILE__) == realpath($_SERVER['SCRIPT_NAME'])
yarco dot w
If you have a MAIN php script which you don't want to be included by other scripts, you could use this function. For example:
$buf = get_included_files();
return $buf != __FILE__;
blockit() and exit("You can not include a MAIN file as a part of your script.");
So other script couldn't include main.php to modify its internal global vars.
keystorm :at: gmail dotcom
As of PHP5, this function seems to return an array with the first index being the script all subsequent scripts are included to.
If index.php includes b.php and c.php and calls get_included_files(), the returned array looks as follows:
while in PHP<5 the array would be:
If you want to know which is the script that is including current script you can use $_SERVER['SCRIPT_FILENAME'] or any other similar server global.
If you also want to ensure current script is being included and not run independently you should evaluate following expression:
__FILE__ != $_SERVER['SCRIPT_FILENAME']
If this expression returns TRUE, current script is being included or required.
As is often the case, YMMV. I tried the __FILE__ and SCRIPT_FILENAME comparison and found this:
As an alternative:
Gives one when the script is standalone and always more than one when the script is included.
131 dot php
Actually, auto_prepend_files are listed with get_included_files ( php 5.2 )