PHP - Is “include” function secure?

Question

I\'m using the \"include\" function (e.x. \"include \'header2.php\'\" or \"include \'class.users.php\'\") to add the header or session class in my website. I don\'t really r

Answer 1

It all depends on how you implement it. If you specifically set the path, then it's secure. The attack could happen if you allow user input to determine the file path without sanitization or checks.

Insecure (Directory Traversal)

Insecure (URL fopen - If enabled)

Insecure

Partially Insecure ( *.php files are vulnerable )

Secure (Though not sure why anyone would do this.)

Secure